dovecot.conf "local hostname" uses only one resolved value

James list at xdrv.co.uk
Thu Mar 14 18:41:58 EET 2019


https://wiki.dovecot.org/SSL/DovecotConfiguration#Different_certificates_per_IP_and_protocol

says:
local 192.0.2.10 { # instead of IP you can also use hostname, which will be resolved

However, if the name resolves to multiple values, only one is used.

Test.
Choose any name with multiple values; I created a local name:

$ nslookup multi.lan
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   multi.lan
Address: 192.168.1.2
Name:   multi.lan
Address: 192.168.1.3
Name:   multi.lan
Address: 192.168.1.1


Minimal dovecot.conf:

local multi.lan {
   protocol imap {
     ssl_cert = </path/to/certs/multi.lan.crt
     ssl_key  = </path/to/certs/multi.lan.key
   }
}

$ dovecot -n -c dovecot.conf
# 2.3.5 (513208660): dovecot.conf
...
local 192.168.1.2 {
   protocol imap {
     ssl_cert = </path/to/certs/multi.crt
     ssl_key = # hidden, use -P to show it
   }
}

Only 192.168.1.2 appears.

In my real case with A and AAAA records, only the AAAA record is used. 
Testing with "openssl s_client -starttls imap ..."  gives me the wrong 
certificate for the IPv4 address.  Workaround: specify all addresses and 
do not use lookup.



James.
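
A check for the behaviour reported above, as an added example that is not part of the original post or of Dovecot: it compares every address a name resolves to against the "local <ip> {" lines in `dovecot -n` output and renders an explicit block for each address that is missing, which is the workaround the post describes. The function names are hypothetical, the sample data is constructed from the values in the post, and it assumes one `local` block per literal address.

```python
import ipaddress
import re
import socket

def resolve_all(hostname):
    """Return every A and AAAA address for hostname, de-duplicated and sorted."""
    infos = socket.getaddrinfo(hostname, None, type=socket.SOCK_STREAM)
    addrs = {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}
    return sorted(addrs, key=lambda a: (a.version, int(a)))

def covered_addresses(doveconf_output):
    """Collect the addresses named in 'local <ip> {' lines of `dovecot -n` output."""
    found = set()
    for m in re.finditer(r"^\s*local\s+(\S+)\s*\{", doveconf_output, re.MULTILINE):
        try:
            found.add(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # a hostname or a network range, not a single address
    return found

def missing_addresses(addresses, doveconf_output):
    """Return the resolved addresses that have no local block of their own."""
    covered = covered_addresses(doveconf_output)
    wanted = [ipaddress.ip_address(str(a)) for a in addresses]
    return [a for a in wanted if a not in covered]

def render_local_blocks(addresses, cert_path, key_path):
    """Emit one explicit local block per address (the workaround from the post)."""
    return "\n".join(
        f"local {addr} {{\n"
        f"   protocol imap {{\n"
        f"     ssl_cert = <{cert_path}\n"
        f"     ssl_key  = <{key_path}\n"
        f"   }}\n"
        f"}}\n"
        for addr in addresses
    )

# Constructed sample: the three addresses of multi.lan and the single
# block that `dovecot -n` printed in the post.
SAMPLE_ADDRESSES = ["192.168.1.1", "192.168.1.2", "192.168.1.3"]
SAMPLE_DOVECONF = "local 192.168.1.2 {\n   protocol imap {\n   }\n}\n"

if __name__ == "__main__":
    gaps = missing_addresses(SAMPLE_ADDRESSES, SAMPLE_DOVECONF)
    print(render_local_blocks(gaps, "/path/to/certs/multi.lan.crt",
                              "/path/to/certs/multi.lan.key"))
```

On a live system, pass `resolve_all("multi.lan")` and the captured output of `dovecot -n` instead of the sample constants.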



