> On 19/04/12 14:26, Sam Varshavchik wrote:
> >> That postfix config example allowed for MULTIPLE bindings to
> >> MULTIPLE IPs with each providing it's own outgoing hostname and
> >> SSL certificate.
> > You're using client certificates to authenticate your outbound SSL
> > connections?
> Sorry Sam, now I see what I did not explain properly. It's for incoming
> SMTPS connections on port 465 so that when a client connects to the
> server they can use "theirdomain.com" for the outgoing mailserver with
> their own "theirdomain.com" SSL cert.
It doesn't matter what certificate THEY use, as long as the certificate is
signed by the CA that Courier knows about. You don't need multiple IPs just
for that. They can all use the same IP address, as long as their cert's
signing CA is trusted.
> When the message gets delivered it appears to the recipient as if coming
> from theirdomain.com and passes all SPF and eyeball checks as to looking
> like it really did come from the theirdomain.com mailserver with no hint
> of any other domainname involved, including the canonical server hostname.
> The "magic" is that there can be MULTIPLE virtual hosts on the same
> physical server all providing their own masqueraded identities with the
> sending clients connecting to what they think is their own mailserver
> and for all intents and purposes, they are.
That's something completely different. You need to keep track of which IP
address the message was received at, if you're listening to multiple IP
addresses, then use the same IP address for outgoing mail, and know which
HELO address to use for which one. That's what I think you're trying to do.
There's no code right now to do anything like that. Using a different
/server/ certificate for SSL, based on the IP address, works the same for
SMTP as it does for IMAP. That can be done. But doing something like this is
a different ball of wax. It would be possible to implement something like
that – but at the moment this does not exist.