Re: [exim] TLS: different certificats for different interfac…

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: Patrick von der Hagen
CC: exim-users
Subject: Re: [exim] TLS: different certificats for different interfaces?
On Thu, 6 Oct 2005, Patrick von der Hagen wrote:
>
> I can't find an option to tell exim to use different certificates for
> different interfaces. :-(


The tls_certificate option is expanded. A slightly over-engineered example:

CERTS    = /opt/dist/certs
NAME    = ${extract {name}{PARAM} {$value} {localhost} }
PARAM    = ${lookup {$interface_address} cdb {DB/addrparams.cdb} }


tls_certificate        = CERTS/server/NAME


/opt/dist/certs/server contains certificates in files called e.g.
smtp.hermes.cam.ac.uk and the addrparams db contains entries like

131.111.8.150    name=smtp.hermes.cam.ac.uk  acl=submit  msgsizelim=25M
                   domain=hermes.cam.ac.uk  friendly=hermes_names


For more examples about parametrizing Exim's configuration based on
$interface_address, see
http://www.cus.cam.ac.uk/~fanf2/hermes/doc/talks/2005-02-eximconf/

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}