Hello,
I'm pretty sure neither Perdition nor Dovecot can use SSL certificates
based on which IP address the connection is received on, right?
Of course firing up multiple instances of Perdition with separate config
files binding them to their respective IPs is possible, but lacks a bit of
elegance. And of course requires hacking/adding startup scripts, which in
turn has the tendency to bite ones behind when it comes to installing
security fix packages or entirely new versions. I'm not even sure
if /var/run would be only place where multiple Perdition instances would
step onto each others toes.
Regards,
Christian
--
Christian Balzer Network/Systems Engineer
chibi(a)gol.com Global OnLine Japan/Fusion Communications
http://www.gol.com/
I've got an existing Perdition proxy that I need to clone, and layer
on some more complexity to.
The existing setup uses a simple regex setup to farm incoming
connections to different servers based on username.
Conf:
map_library /usr/local/lib/libperditiondb_posix_regex.so.0
inetd_mode
popmap.re
^[0-9]: num.mail.domain.com
^[a,A]: a.mail.domain.com
^[b,B]: b.mail.domain.com
etc, etc
Users login with just a username, no domain info is present in their
login. The mailservers they're directed to don't expect domain info
in the login.
What I've been asked to do on the new server is to require users to
login as user(a)domain.com and I have to bolt in support for a couple
dedicated subdomains.
My current conf:
map_library /usr/local/lib/libperditiondb_posix_regex.so.0
S remote_login
popmap.re:
(^[0-9])(a)domain.com: num.mail.domain.com
(^[a,A])(a)domain.com: a.mail.domain.com
(^[b,B])(a)domain.com: b.mail.domain.com
...
(.*)(a)subdomain1.domain.com: subdomain1.domain.com
(.*)(a)subdomain2.domain.com: subdomain2.domain.com
The subdomain entries work. The massaged load distribution regexs
from the original setup fail noting that perdition couldn't determine
a proper outbound server. Anyone have suggestions for a cleaner regex
to try?
Josh C
