Dovecot 2.4.0

@Tntdruid, yes Dovecot 2.4.0 has a regression that does not support wildcard SNI. SNI with specific host name list works fine. The issue was already reported to the Dovecot developers.
 
We are still waiting for the official Dovecot developers position regarding the wildcard SNI feature support. It might turn out that this feature was removed intentionally :confused:.

We would like users to test out Dovecot 2.4.0 and collect feedback before we switch to this version as a default. It brings quite a lot of changes and improvements. However, without the wildcard SNI support, it is not really useful for bigger servers.

To help users try out Dovecot 2.4.0, we have added our own patch to the Dovecot 2.4.0 sources that restores the wildcard SNI functionality. An update with the patch is released.
 
@Tntdruid, things to check:
  • DA version, patch is included in DirectAdmin 1.674 a5f0c3034ac3c5f9a5ef6b5fdae60c02eda403fa
  • Disable local Dovecot customizations (remove or rename the /usr/local/directadmin/custombuild/custom/dovecot directory)
  • Disable custom SNI config template (remove or rename the /usr/local/directadmin/data/templates/custom/dovecot_sni_2.4.conf file)

The Dovecot 2.4.0 SNI config has a slightly different structure than the old Dovecot.

Example from Dovecot 2.3.x /etc/dovecot/conf/sni/example.com.conf:

Code:
local_name "*.example.com example.com" {
  ssl_cert = </usr/local/directadmin/data/users/jonas/domains/example.com.combined
  ssl_key = </usr/local/directadmin/data/users/jonas/domains/example.com.key
}

Example from Dovecot 2.4.0 /etc/dovecot/conf/sni/example.com.conf:

Code:
local_name "*.example.com" {
  ssl_server_cert_file = /usr/local/directadmin/data/users/jonas/domains/example.com.cert.combined
  ssl_server_key_file = /usr/local/directadmin/data/users/jonas/domains/example.com.key
}
local_name "example.com" {
  ssl_server_cert_file = /usr/local/directadmin/data/users/jonas/domains/example.com.combined
  ssl_server_key_file = /usr/local/directadmin/data/users/jonas/domains/example.com.key
}

Quick way to test SNI from the server CLI:

Code:
# echo QUIT | openssl s_client -connect localhost:993 -servername example.com 2>&1 | grep 'subject='
subject=CN = *.example.com
# echo QUIT | openssl s_client -connect localhost:993 -servername mail.example.com 2>&1 | grep 'subject='
subject=CN = *.example.com
# echo QUIT | openssl s_client -connect localhost:993 -servername does.not.exist 2>&1 | grep 'subject='
subject=CN = server.hostname.com

If the problem is present please open a support ticket so we could check it out on your server.
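The openssl check from the post above, wrapped in a small script as an added example (not from the original post or from DirectAdmin/Dovecot): it probes each SNI name, extracts the CN of the certificate that comes back and flags names that are not covered by it, which is what a broken wildcard SNI looks like from the client side. It assumes openssl is installed and Dovecot listens on localhost:993.

```shell
#!/bin/sh
# Added example, not from the original post or from DirectAdmin/Dovecot:
# probe a Dovecot IMAPS listener with several SNI names and flag names whose
# requested host is not covered by the certificate CN that comes back.
# Assumes openssl is installed and Dovecot listens on localhost:993.

# Pull the CN out of an openssl s_client 'subject=' line, e.g.
# "subject=CN = *.example.com" -> "*.example.com" (CN only, SANs are not read).
extract_cn() {
    printf '%s\n' "$1" | sed -n 's/^subject=.*CN *= *\([^,/]*\).*/\1/p' | sed 's/[[:space:]]*$//'
}

# Does a certificate CN cover the requested host name?  A "*.example.com"
# wildcard matches exactly one extra label (mail.example.com) and never the
# apex example.com itself, which is why the 2.4.0 config above needs a
# separate local_name "example.com" block next to the wildcard one.
cn_covers() {
    cn=$1; host=$2
    case $cn in
        \*.*)
            suffix=${cn#\*.}
            prefix=${host%."$suffix"}
            # host must end in ".suffix" and what remains must be one label
            [ "$prefix" != "$host" ] && [ -n "$prefix" ] && [ "${prefix#*.}" = "$prefix" ]
            ;;
        *)
            [ "$cn" = "$host" ]
            ;;
    esac
}

# Probe one SNI name against the local listener and print a verdict.
probe_sni() {
    host=$1; port=${2:-993}
    line=$(echo QUIT | openssl s_client -connect "localhost:$port" -servername "$host" 2>&1 \
           | grep '^subject=' || true)
    cn=$(extract_cn "$line")
    if [ -z "$cn" ]; then
        printf 'NO-CERT  %-28s (no subject= line; is port %s listening?)\n' "$host" "$port"
    elif cn_covers "$cn" "$host"; then
        printf 'OK       %-28s -> %s\n' "$host" "$cn"
    else
        printf 'MISMATCH %-28s -> %s (fell through to another cert; check local_name blocks)\n' "$host" "$cn"
    fi
}

# Usage: sh sni-check.sh example.com mail.example.com does.not.exist
for h in "$@"; do probe_sni "$h"; done
```

With a working wildcard SNI, example.com and mail.example.com both report OK, while does.not.exist reports MISMATCH against the server default certificate, matching the three openssl calls in the post.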
 