Re: Multiple IP addresses and certificate "common name"
- From: "Taylor, Grant" <gtaylor@xxxxxxxxxxxxxxxxx>
- Date: Fri, 02 Jun 2006 17:15:04 -0500
> Unless I'm missing something, one defines a single certificate for a
> sendmail server. But a single certificate has a single "common name". At
> least in the HTTP world, that common name contains the hostname. A
> failure to match the hostname to common name causes a warning.
> What about the case where a sendmail server has multiple interfaces (and
> therefore multiple names)? How is that case handled? Or is "common name"
> not used this way for SMTP?
I do not know for sure, but I suspect that you would have to do the same thing with Sendmail that you would have to do with your HTTP server. You will need to run Sendmail on multiple interfaces, which you say you are, with a separate server certificate for each interface (presuming that there is only one interface per name). I don't know if it is possible to specify different certificate files for specific interfaces or if you will be running multiple instances of sendmail, one per interface with its distinct server certificate.
If you do end up having to run multiple instances of Sendmail I'd make sure that each was using a different queue. It would be possible to have multiple simple generic Sendmail daemons running that would relay for the domain for the interface the daemon is running on. Configure all the simple relay Sendmail daemons to relay to your central "Main" Sendmail daemon and let it continue to deliver to your mail store. This type of topology will allow you to have one complex main daemon that is doing most of / all of your Virus / Spam filtering. If you do your filtering during the SMTP transaction, your main Sendmail daemon would reject the messages, thus causing each spoke Sendmail daemon to be responsible for sending out DSNs (a.k.a. bounces). This would make the DSNs appear to be from the correct mail server with the correct server certificate too.
If you take this approach, you may want to put something in place (Mailertable?) that will make your central Sendmail daemon send outbound email through the correct spoke Sendmail daemon.
Grant. . . .
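
The following sendmail `.mc` fragment is an added example, not part of the original post: it sketches one "spoke" instance of the topology described above, bound to a single address with its own certificate, queue and PID file, relaying its domain to the hub. The address, hostnames, file paths and the `cf.m4` location are assumptions chosen for illustration.

```m4
divert(-1)
# spoke-a.mc: constructed example for ONE spoke instance.
# All names, addresses and paths below are hypothetical placeholders.
# Build spoke-a.cf from this file and start the instance with its own
# configuration, e.g.:  sendmail -bd -q15m -C/etc/mail/spoke-a.cf
divert(0)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
OSTYPE(`linux')dnl
DOMAIN(`generic')dnl
dnl
dnl Listen only on this spoke's address; no default submission listener.
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Name=MTA-A, Port=smtp, Addr=192.0.2.10')dnl
dnl
dnl Name announced in the SMTP banner and EHLO; it should be the name
dnl that the certificate below was issued for.
define(`confDOMAIN_NAME', `mail-a.example.com')dnl
dnl
dnl Per-instance STARTTLS material: one certificate per name.
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/ca.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/mail-a.example.com.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/mail-a.example.com.key')dnl
dnl
dnl Separate queue and PID file so instances do not share state.
define(`QUEUE_DIR', `/var/spool/mqueue-a')dnl
define(`confPID_FILE', `/var/run/sendmail-a.pid')dnl
dnl
dnl Accept mail for this spoke's domain and hand it to the hub.
dnl The domain must NOT be listed as local (class w) on the spoke.
RELAY_DOMAIN(`a.example.com')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable-a')dnl
dnl /etc/mail/mailertable-a would contain a line such as:
dnl   a.example.com    esmtp:[hub.example.com]
dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
```

Each further spoke would repeat this file with its own address, name, certificate pair, queue directory and PID file.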