TLS communication director -> backend with X.509 cert checks?

Timo Sirainen tss at iki.fi
Tue Oct 13 19:37:46 UTC 2015


> On 13 Oct 2015, at 22:21, Heiko Schlittermann <hs at schlittermann.de> wrote:
> 
> Timo Sirainen <tss at iki.fi> (Di 13 Okt 2015 21:02:59 CEST):
>>> the IP address the director connects to.
>> 
>> Right. The hostnames are lost immediately at director startup. I've never really thought about needing this functionality for director, since they're usually in the same trusted network with backends..
>> 
> 
> Ooo.
> What if 
> 
>    director_mail_servers = backends.<domain>
> 
> and the DNS entry for backends.<domain> gets updated? Does the director
> catch up the change automatically w/o restart?

No, and I'm not sure it even should. Use "doveadm director ring remove" to get rid of unwanted directors.



More information about the dovecot mailing list