Cert for ip range?

Marc Roos M.Roos at f1-outsourcing.eu
Sun Dec 1 21:34:29 EET 2019


How can I bind the managesieve to the internal use network/interface?

service managesieve-login {
  inet_listener sieve {
    address = 192.168.10.0/24
    port = 4190
  }
}


-----Original Message-----
From: Mark Moseley via dovecot [mailto:dovecot at dovecot.org] 
Sent: Wednesday 27 November 2019 22:06
To: Aki Tuomi
Cc: Mark Moseley via dovecot
Subject: Re: Cert for ip range?

On Wed, Nov 27, 2019 at 11:31 AM Aki Tuomi <aki.tuomi at open-xchange.com> 
wrote:



	> On 27/11/2019 21:28 Mark Moseley via dovecot <dovecot at dovecot.org> wrote:
	> 
	> 
	> On Tue, Nov 26, 2019 at 11:22 PM Aki Tuomi via dovecot <dovecot at dovecot.org> wrote:
	> > 
	> >  On 21.11.2019 23.57, Marc Roos via dovecot wrote:
	> >  > Is it possible to configure a network for a cert instead of an ip?
	> >  >
	> >  > Something like this:
	> >  >
	> >  > local 192.0.2.0 {
	> >  > ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem
	> >  > ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem
	> >  > }
	> >  >
	> >  > Or
	> >  >
	> >  > local 192.0.2.0/24 {
	> >  > ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem
	> >  > ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem
	> >  > }
	> >  >
	> >  > https://wiki.dovecot.org/SSL/DovecotConfiguration
	> >  >
	> >  >
	> >  >
	> >  
	> >  Local part supports that.
	> >  
	> >  Aki
	> 
	> 
	> On the same topic (though I can start a new thread if preferable), it
	> doesn't appear that you can use wildcards/patterns in the 'local' name,
	> unless I'm missing something--which is quite likely.
	> 
	> If it's not possible currently, can I suggest adding that as a
	> feature? That is, instead of having to list out all the various SNI
	> hostnames that a cert should be used for (e.g. "local pop3.example.com
	> imap.example.com pops.example.com pop.example.com .... {" -- and on
	> and on), it'd be handy to be able to just say "local *.example.com {"
	> and call it a day. I imagine there'd be a bit of a slowdown, since
	> you'd have to loop through patterns on each connection (instead of
	> what I assume is a hash lookup), esp for people with significant
	> amounts of 'local's.
	>
	
	Actually that is supported, but you need to use v2.2.35 or later. 
	
	


Ha, it literally *never* fails (that there's some option I've overlooked 
10 times, before asking on the list)

'local' vs 'local_name'. Never noticed the difference before in the 
docs. Might be worth adding a blurb in 
https://wiki.dovecot.org/SSL/DovecotConfiguration that 'local_name' 
takes '*'-style wildcard (at least in the beginning of the hostname). 
I'll resume my embarrassed silence now. :)
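
Added example (not part of the thread and not Dovecot code): a pre-deployment check that the certificate attached to a wildcard 'local_name' block actually covers every SNI hostname clients will send, using the single-label wildcard rule TLS clients apply (RFC 6125). The function names and the hostname and SAN lists are constructed for illustration; how Dovecot itself matches 'local_name' patterns is not modelled here.

```python
def san_matches(pattern: str, hostname: str) -> bool:
    """Client-side certificate name match (RFC 6125 style).

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so '*.example.com' covers 'imap.example.com' but
    neither 'example.com' nor 'a.mail.example.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(sni_names, san_entries):
    """Return the SNI names that no SAN entry of the certificate covers."""
    return [n for n in sni_names
            if not any(san_matches(s, n) for s in san_entries)]


# Constructed sample: hostnames clients are expected to send, and the
# dNSName SAN entries of the certificate configured for the block.
SNI_NAMES = [
    "pop3.example.com", "imap.example.com", "pops.example.com",
    "pop.example.com", "example.com", "a.mail.example.com",
]
SAN_ENTRIES = ["*.example.com"]

if __name__ == "__main__":
    for name in uncovered(SNI_NAMES, SAN_ENTRIES):
        print(f"certificate does not cover SNI name: {name}")
```

Any name this reports would be served a certificate that clients reject with a hostname mismatch, so it needs its own SAN entry or its own certificate block.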



