Dovecot 2.4.0 local_name wildcard matching regression
Hi,
Using a wildcard host name in the local_name filter no longer works in Dovecot 2.4.0. This is useful for wildcard certificates.
Example dovecot.conf:
ssl_server_cert_file = /etc/dovecot/global.cert
ssl_server_key_file = /etc/dovecot/global.key
ssl_server_dh_file = /etc/dovecot/dh.pem
...
local_name "*.example.com" {
  ssl_server_cert_file = /etc/dovecot/example.com.cert
  ssl_server_key_file = /etc/dovecot/example.com.key
}
local_name "example.com" {
  ssl_server_cert_file = /etc/dovecot/example.com.cert
  ssl_server_key_file = /etc/dovecot/example.com.key
}
The configuration is tested with:
openssl s_client -connect mail.example.com:993
openssl s_client -connect example.com:993
The first connection to mail.example.com fails because Dovecot uses the default global.cert file.
The second test with the exact host name match works as expected. Dovecot uses the example.com.cert file.
Similar to the previously reported multiple hosts on the same line discrepancy, it seems that the doveconf tool still has the wildcard matching support:
# doveconf -f local_name=mail.example.com ssl_server
ssl_server {
cert_file = /etc/dovecot/example.com.cert
dh_file = /etc/dovecot/dh.pem
key_file = /etc/dovecot/example.com.key
}
Is there a new way to achieve the wildcard matching behaviour of the local_name filter in Dovecot 2.4.0? Thanks.
-- Julius Kriukas
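The test described above can be scripted so that a silent fallback to the global certificate is caught per SNI name. This is an added example, not part of the original posts: it assumes OpenSSL 1.1.1 or later on the client, sends the SNI name explicitly with -servername, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Host names, port and paths are the
# thread's placeholders; function names are made up for this sketch.

# Print the leaf certificate (PEM) the server presents for SNI name $1 at $2.
served_cert() {
    openssl s_client -connect "$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

# Succeed only if the PEM certificate in file $1 is valid for host name $2.
# "x509 -checkhost" reports its verdict as text, so the text is matched.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# SHA-256 fingerprint of the PEM certificate in file $1.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_sni <sni-name> <host:port> <expected-cert.pem>
# Returns 0 if the served certificate is the expected one and covers the name,
# 1 on a mismatch (e.g. fallback to the global certificate), 2 on fetch errors.
check_sni() (
    tmp=$(mktemp) || exit 2
    trap 'rm -f "$tmp"' EXIT
    if ! served_cert "$1" "$2" >"$tmp"; then
        echo "ERROR $1: no certificate received from $2"; exit 2
    fi
    if ! cert_covers_host "$tmp" "$1"; then
        echo "FAIL  $1: served certificate does not cover this name"; exit 1
    fi
    if [ "$(cert_fingerprint "$tmp")" != "$(cert_fingerprint "$3")" ]; then
        echo "FAIL  $1: served certificate is not $3"; exit 1
    fi
    echo "OK    $1"
)

# Example: sh check_sni.sh mail.example.com mail.example.com:993 /etc/dovecot/example.com.cert
if [ "$#" -eq 3 ]; then
    check_sni "$@"
fi
```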
I am still on 2.3, however I think it's just a dot, not a *.
local_name .scom.ca {
  ssl_key = </usr/local/etc/dovecot/scom.pem
  ssl_cert = </usr/local/etc/dovecot/scom.pem
  ssl_ca = </usr/local/etc/dovecot/scom.pem
}
Maybe try that.
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Saturday !!!
Scom.ca Internet Services <http://www.scom.ca> 004-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 2025-02-27 9:09 a.m., Julius Kriukas via dovecot wrote: