27 Feb 2025, 4:09 p.m.
Hi,
Using a wildcard host name in the local_name filter no longer works in Dovecot 2.4.0. This is useful for wildcard certificates.

Example dovecot.conf:

    ssl_server_cert_file = /etc/dovecot/global.cert
    ssl_server_key_file = /etc/dovecot/global.key
    ssl_server_dh_file = /etc/dovecot/dh.pem
    ...
    local_name "*.example.com" {
      ssl_server_cert_file = /etc/dovecot/example.com.cert
      ssl_server_key_file = /etc/dovecot/example.com.key
    }
    local_name "example.com" {
      ssl_server_cert_file = /etc/dovecot/example.com.cert
      ssl_server_key_file = /etc/dovecot/example.com.key
    }

The configuration is tested with:

    openssl s_client -connect mail.example.com:993
    openssl s_client -connect example.com:993

The first connection to mail.example.com fails because Dovecot uses the default global.cert file.

The second test with the exact host name match works as expected. Dovecot uses the example.com.cert file.

Similar to the previously reported multiple hosts on the same line discrepancy, it seems that the doveconf tool still has the wildcard matching support:

    # doveconf -f local_name=mail.example.com ssl_server
    ssl_server {
      cert_file = /etc/dovecot/example.com.cert
      dh_file = /etc/dovecot/dh.pem
      key_file = /etc/dovecot/example.com.key
    }
Is there a new way to achieve the wildcard matching behaviour of the local_name filter in Dovecot 2.4.0? Thanks.
-- Julius Kriukas
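
A check for the symptom reported above, as an added example that is not part of the original post or of Dovecot: it connects once per SNI name and reports whether the server sent the certificate configured for that local_name or fell back to the global default. The function names and the command-line layout are assumptions made for this sketch; the certificate files are passed as arguments.

```python
import hashlib
import socket
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def pem_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file (the leaf, if it is a chain)."""
    start = pem_text.index(BEGIN)
    stop = pem_text.index(END, start) + len(END)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text[start:stop])).hexdigest()


def served_fingerprint(host, port, sni):
    """Connect to host:port, send `sni` in the ClientHello, hash the leaf certificate."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: the fallback certificate may not match the
    # name, and the goal is to identify which certificate was sent, not to trust it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def classify(served, expected, default):
    """Name the outcome for one SNI value."""
    if served == expected:
        return "expected"
    return "default-fallback" if served == default else "other"


def main(argv):
    # usage: HOST PORT EXPECTED.pem DEFAULT.pem SNI [SNI ...]
    host, port, expected_file, default_file, *names = argv
    with open(expected_file) as f:
        expected = pem_fingerprint(f.read())
    with open(default_file) as f:
        default = pem_fingerprint(f.read())
    results = {n: classify(served_fingerprint(host, int(port), n), expected, default)
               for n in names}
    for name, outcome in results.items():
        print(f"{name}: {outcome}")
    return 0 if all(o == "expected" for o in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The script exits non-zero when any name is not served the expected certificate, so it can run as a post-upgrade check.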