Re: Sendmail TLS with multiple virtual domains
- From: Kari Hurtta <hurtta@xxxxxxxxxxxxxxxxx>
- Date: 20 May 2006 12:35:55 +0300
"D. Stussy" <att-spam@xxxxxxxxxxxxxxxx> writes:
> On Wed, 17 May 2006, Per Hedeland wrote:
>> In article <1147897705.628275.8920@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> "Big
>> Negrow" <big.negrow@xxxxxxxxx> writes:
>>> Unless there is something within Sendmail I am unaware of, it can only
>>> be responsible for a single certificate to represent its hostname.
>>
>> It's impossible for any MTA to have multiple certificates without using
>> multiple IP addresses - the server has no way of knowing which host name
>> the client looked up to make the connection, so can't know which
>> certificate to present. I guess this could be considered a bug in the
>> SMTP STARTTLS spec - since the parties *do* communicate before the
>> establishment of the TLS session, there would have been an opportunity
>> for the client to inform the server about the host name (e.g. as an
>> argument to the STARTTLS command). But I assume that if this was
>> considered at all, it was deemed pointless - as you wrote in your
>> previous message, it shouldn't matter which host name is used for SMTP.
>
> That's a bug? The same thing happens with web servers and HTTPS. One cannot
> virtual host without having a separate IP address for each SSL-ed inbound
> connection of the same port type. However, the best parallel would be if the
> TCP connection came in via SMTPS, not SMTP - for I agree that connecting via
> SMTP then issuing a STARTTLS command with the identity of the destination
> virtual server (if it were allowed) COULD have avoided this issue.

https is _not_ the same thing.

smtp + starttls in the SMTP world
corresponds to
http + Upgrade: TLS in the WWW world
( See http://www.ietf.org/rfc/rfc2817.txt )

The latter does not require every virtual host to have its
own IP address, although TLS is used.
( With Upgrade: TLS you can send the Host: header in the clear-text
part before TLS is started. )

/ Kari Hurtta
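
The difference described in the post above, as an added example that is not part of the original message: given the cleartext a client sends before the TLS handshake, the sketch reports whether the protocol names the wanted virtual host, and which certificate a server could therefore pick. The host names, certificate file names and sample transcripts are constructed placeholders.

```python
from typing import Optional, Tuple

# Constructed mapping of virtual hosts to certificate files (placeholders).
CERTS = {"www.example.org": "example-org.pem", "shop.example.net": "example-net.pem"}
DEFAULT_CERT = "default.pem"

# Constructed pre-TLS client bytes for the two cases discussed in the thread.
HTTP_UPGRADE = (b"GET /inbox HTTP/1.1\r\nHost: shop.example.net\r\n"
                b"Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n")
SMTP_STARTTLS = b"EHLO client.example.com\r\nSTARTTLS\r\n"


def pre_tls_host(cleartext: bytes) -> Tuple[str, Optional[str]]:
    """Return (protocol, server name the client asked for before TLS, or None)."""
    lines = cleartext.decode("ascii", "replace").split("\r\n")
    first = lines[0].split()
    # RFC 2817: an HTTP/1.1 request with "Upgrade: TLS/1.0" also carries Host.
    if len(first) == 3 and first[2].startswith("HTTP/1."):
        headers = {}
        for line in lines[1:]:
            if not line:                      # blank line ends the headers
                break
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        upgrade = [t.strip().lower() for t in headers.get("upgrade", "").split(",")]
        conn = [t.strip().lower() for t in headers.get("connection", "").split(",")]
        if "tls/1.0" in upgrade and "upgrade" in conn and "host" in headers:
            host = headers["host"].lower()
            if not host.startswith("["):      # leave IPv6 literals untouched
                host = host.split(":")[0]     # drop an optional :port
            return ("http-upgrade", host)
    # SMTP: the EHLO/HELO argument names the *client*, and STARTTLS takes no
    # parameter, so nothing sent before the handshake names the server.
    verbs = [l.split()[0].upper() for l in lines if l.strip()]
    if "STARTTLS" in verbs:
        return ("smtp-starttls", None)
    return ("unknown", None)


def select_cert(cleartext: bytes) -> str:
    """Pick the certificate for the named host, else the single default."""
    _, host = pre_tls_host(cleartext)
    return CERTS.get(host, DEFAULT_CERT)
```
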