> On 27/11/2019 21:28 Mark Moseley via dovecot <dovecot@dovecot.org> wrote:
>
>
> On Tue, Nov 26, 2019 at 11:22 PM Aki Tuomi via dovecot <dovecot@dovecot.org>
> wrote:
> >
> > On 21.11.2019 23.57, Marc Roos via dovecot wrote:
> > > Is it possible to configure a network for a cert instead of an ip?
> > >
> > > Something like this:
> > >
> > > local 192.0.2.0 {
> > > ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem
> > > ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem
> > > }
> > >
> > > Or
> > >
> > > local 192.0.2.0/24 (http://192.0.2.0/24) {
> > > ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem
> > > ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem
> > > }
> > >
> > > https://wiki.dovecot.org/SSL/DovecotConfiguration
> > >
> > >
> > >
> >
> > Local part supports that.
> >
> > Aki
>
>
> On the same topic (though I can start a new thread if preferable), it doesn't
> appear that you can use wildcards/patterns in the 'local' name, unless I'm
> missing something--which is quite likely.
>
> If it's not possible currently, can I suggest adding that as a feature? That
> is, instead of having to list out all the various SNI hostnames that a cert
> should be used for (e.g. "local pop3.example.com (http://pop3.example.com)
> imap.example.com (http://imap.example.com) pops.example.com
> (http://pops.example.com) pop.example.com (http://pop.example.com) .... {" --
> and on and on), it'd be handy to be able to just say "local *.example.com
> (http://example.com) {" and call it a day. I imagine there'd be a bit of a
> slowdown, since you'd have to loop through patterns on each connection
> (instead of what I assume is a hash lookup), esp for people with significant
> amounts of 'local's.
>
Actually that is supported, but you need to use v2.2.35 or later.
Aki
