Δημήτριος Καραπιπέρης wrote:
Basically, the server is not expecting any kind of domain on the SSL handshake, but what if the server could serve more than one cert, so that clients using mail1.dom.gr and mail2.dom.gr, which resolve to the same dovecot instance but from different network segments, could be certified?
mail1.dom.gr -> 10.65.0.45 (private one)
mail2.dom.gr -> 84.205.252.78 (random numbers)
In essence, it is the same dovecot instance.
I should imagine that you can achieve this using an external SSL wrapper such as stunnel?
OR
You could use firewall rules to redirect incoming connections to
different local ports depending on where the connection originates.
Then set up the appropriate config on each port to serve a different cert.
This setup does sound workable.
Ed W
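As an added illustration (not from either poster), the same outcome Ed W describes, one cert per destination address, can be expressed directly in the Dovecot configuration without firewall redirection, assuming a Dovecot 2.x build that supports `local` blocks keyed on the IP the client connected to. The certificate and key paths are placeholders; the two addresses are the ones from the original question.

```conf
# Default cert, used when no local block below matches.
ssl = required
ssl_cert = </etc/ssl/certs/default.pem      # placeholder path
ssl_key  = </etc/ssl/private/default.key    # placeholder path

# Connections arriving on the private address (mail1.dom.gr -> 10.65.0.45)
# get the certificate issued for mail1.dom.gr.
local 10.65.0.45 {
  ssl_cert = </etc/ssl/certs/mail1.dom.gr.pem    # placeholder path
  ssl_key  = </etc/ssl/private/mail1.dom.gr.key  # placeholder path
}

# Connections arriving on the public address (mail2.dom.gr -> 84.205.252.78)
# get the certificate issued for mail2.dom.gr.
local 84.205.252.78 {
  ssl_cert = </etc/ssl/certs/mail2.dom.gr.pem    # placeholder path
  ssl_key  = </etc/ssl/private/mail2.dom.gr.key  # placeholder path
}
```

The `local` block matches on the server-side IP the client reached, so it depends only on which address each hostname resolves to, not on anything the client sends in the handshake. Keep the key files readable only by root; Dovecot reads them before dropping privileges, and `doveconf -n` shows the effective per-address settings for checking the result.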