List Info

Thread: IP based virtual hosts domainkeys and SSL
IP based virtual hosts domainkeys and SSL
country flaguser name
United States		 2007-05-25 09:59:20 
I'm wondering if Surgemail supports SSL with IP based
virtual mail hosts
and domain-keys (DKIM) for IP based virtual hosts.  It
doesn't appear so.

Surgemail would need to allow us to specify a key/cert (PEM)
file for
each IP based virtual host.  Then when a domain sender sends
mail from
that domain, it would use the appropriate key.

The same thing goes for IP based virtual host SSL
connections.  ie:
When a user connects to SSL based pop on port 995 or uses
TLS, Surgemail
would use the appropriate key from the IP base virtual
host.

Possible?  Right now it doesn't seem to fit well for those
of us that
host multiple domains that want DKIM and SSL support as the
domain
hosts/IP's won't match the keys/cert pairs.

-- 
Robert Blayzor, BOFH
INOC, LLC
rblayzor(inoc.net|gmail.com)
PGP: 0x66F90BFC  http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720  292A 8580 500E
66F9 0BFC

I am still waiting for the advent of the computer science
groupie.
Re: IP based virtual hosts domainkeys and SSL
country flaguser name
United States		 2007-05-27 17:20:12 
Surgemail does support ssl on a per domain basis using ip
based domains yes. 
See the setting:
g_ssl_per_domain

I'm not sure if and how this ties in to domain keys though.
Let us know how 
you go.

Marijn
----- Original Message ----- 
From: <surgemail-listnetwinsite.com>
Newsgroups: netwin.surgemail
Sent: Saturday, May 26, 2007 2:59 AM
Subject: [SurgeMail List] IP based virtual hosts domainkeys
and SSL


> I'm wondering if Surgemail supports SSL with IP based
virtual mail hosts
> and domain-keys (DKIM) for IP based virtual hosts.  It
doesn't appear so.
>
> Surgemail would need to allow us to specify a key/cert
(PEM) file for
> each IP based virtual host.  Then when a domain sender
sends mail from
> that domain, it would use the appropriate key.
>
> The same thing goes for IP based virtual host SSL
connections.  ie:
> When a user connects to SSL based pop on port 995 or
uses TLS, Surgemail
> would use the appropriate key from the IP base virtual
host.
>
> Possible?  Right now it doesn't seem to fit well for
those of us that
> host multiple domains that want DKIM and SSL support as
the domain
> hosts/IP's won't match the keys/cert pairs.
>
> -- 
> Robert Blayzor, BOFH
> INOC, LLC
> rblayzor(inoc.net|gmail.com)
> PGP: 0x66F90BFC  http://pgp.mit.edu
> Key fingerprint = 6296 F715 038B 44C1 2720  292A 8580
500E 66F9 0BFC
>
> I am still waiting for the advent of the computer
science groupie.
>
>
Re: IP based virtual hosts domainkeys and SSL
country flaguser name
United States		 2007-05-28 12:52:39 
Surgemail Support (Marijn) wrote:
> Surgemail does support ssl on a per domain basis using
ip based domains
> yes. See the setting:
> g_ssl_per_domain


Yes, it does, but that means EVERY domain runs SSL.  This
would be
better suited under the actual domain settings, ie:

ssl_enable BOOL

and

use_domainkey BOOL


Then it would be truly optional "per domain".  The
above meaning that if
 ssl is not enabled on the IP based virtual host that
sockets are not
even opened.  That's a small issue really.

As far as the domain keys, those need work on per virtual
domain as
well.  There should be a few options for that as well, per
domain of course.


ie:

domainkey_selector STRING - define a DK DNS selector per IP
based
virtual host

domainkey_headers STRING - each host may have it's own
selector, if this
is not specified, use the global setting/default.

domainkey_authonly BOOL - only sign messages for
authenticated users.
This means username+password pairs only, not x.x.x.xip.



It's just that the global settings don't always make sense
when it comes
to finding all the options under a virtual domain, they
should be under
the virtual domain configurations options.  Having them
under global
setting strings seems a bit confusing.

-- 
Robert Blayzor, BOFH
INOC, LLC
rblayzor(inoc.net|gmail.com)
PGP: 0x66F90BFC  http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720  292A 8580 500E
66F9 0BFC

Mac OS X. Because making Unix user-friendly is easier than
debugging
Windows.
Re: IP based virtual hosts domainkeys and SSL
country flaguser name
United States		 2007-05-28 12:55:51 
Surgemail Support (Marijn) wrote:
> Surgemail does support ssl on a per domain basis using
ip based domains
> yes. See the setting:
> g_ssl_per_domain
> 
> I'm not sure if and how this ties in to domain keys
though. Let us know
> how you go.


The other thing that is odd is that in the documentation it
claims:

"To turn off domainkeys for some domains see the per
domain setting,
domainkeys_disable. Se
e domainkeys.htm for more info.
Sign outgoing messages (create a key first using web admin)
g_domainkeys_sign bool
"


Yet there is nothing on "domainkeys_disable"
anywhere.  Even pulling a
"strings" on the surgemail binary yeilds no hits
for
"domainkeys_disable" other than that help text. 
So does it exist or not?

-- 
Robert Blayzor, BOFH
INOC, LLC
rblayzor(inoc.net|gmail.com)
PGP: 0x66F90BFC  http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720  292A 8580 500E
66F9 0BFC

"Reality continues to ruin my life." - Calvin and
Hobbes
[1-4]

about | contact  Other archives ( Real Estate discussion Medical topics )