Mike Richardson <doctor@???> wrote:
>
>Unless there is a variable in exim which stores the hostname which the
>client is configured to connect to (reverse IP lookup doesn't help), as
>opposed to the hostname of the machine it is connected to, then
>unfortunately this doesn't help.
SMTP doesn't allow the server to find out what the client thinks
the server's name is, which is necessary for multiple certificates to
work. You have to have a separate IP address for each name, and choose the
certificate to present based on the address. This is a problem with almost
all TLS implementations -- in fact it's one of the classic https FAQs.
>Can I request that support for multiple certificates be added to the
>wish list please?
I do this:
CERTS = /opt/dist/certs
tls_certificate = CERTS/server/${lookup{$interface_address} \
cdb{DB/ipaddr2name.cdb}}
The ipaddr2name table contains entries like
131.111.8.140 smtp.hermes.cam.ac.uk
This is necessary because our reverse DNS refers to the host's name
not the service name. If your DNS is differently set up you might
be able to use a dnsdb lookup.
Tony.
--
f.a.n.finch <dot@???>
http://dotat.at/
NORTH FITZROY: NORTHEASTERLY 5 OR 6, DECREASING 3 OR 4 IN NORTH. SHOWERS.
GOOD.