[Dovecot] Re: separate SSL certificates for pop3s and imaps

sean finney seanius at seanius.net
Thu Jul 7 22:37:48 EEST 2005


On Thu, Jul 07, 2005 at 08:58:35PM +0300, dovecot-request at dovecot.org wrote:
> Hi,
> 
> I'm migrating a uw-imap installation to dovecot. With uw-imap I had
> different SSL certificates and keys for ipop3d and imapd. How can I
> configure dovecot to do the same with its pop3s and imaps services?

i run dovecot in a multihomed server with three different names:

mail.foo.edu
smtp.foo.edu
imap.foo.edu

which, for ssl purposes, means we need three different certs to
keep applications happy.  my approach is to start a seperate
dovecot process for each address, and manage the configuration
in three seperate files, each one telling dovecot to specifically
bind to only one address, and use a seperate runtime directory
specific to that address.  so for example, in my initscript, instead
of just doing something like:

start() {
        echo -n $"Starting $prog: "
	daemon $prog -c /etc/dovecot.conf
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}

i do something like:

start() {
        echo -n $"Starting $prog: "
        for s in imap mail smtp; do
                mkdir -p /var/run/dovecot/${s}.foo.edu
                daemon $prog -c /etc/dovecot/${s}.foo.edu.conf
        done
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}

where the value of the ssl cert config is different in each of the
files.  you could extend this to also have one config file to only
listen for pop and the other only for imap.

 
hth,
	sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20050707/ae605398/attachment-0001.bin>


More information about the dovecot mailing list