[Mailman-Users] what is a virtual domain?
fmouse-mailman at fmp.com
Mon Nov 19 17:11:37 CET 2012
On Tue, 2012-11-20 at 00:53 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
> > It's not unusual at all. From the point of view of DNS, there's no
> > difference between a virtual domain and a real one.
> Actually, that's not true.
I re-read Thufir's question and realized that I misunderstood it. Yes,
what he's trying to do is decidedly unusual.
> A virtual domain also is not 100% reliable for SSL/TLS
> services because basic TLS does its certificate exchange at a level
> "below" the DNS, so deciding which virtual domain's certificate to
> present is problematic (there is an extension to the protocol which
> fixes this, but it's not 100% implemented, in particular IE on XP
> still can't do it according to Wikipedia, which will kill you in Japan
> where about 1/3 of business systems are still XP-based).
Being a natural-born cheapskate, and running a _very_ small business, I
don't even have a wildcard SSL cert signing for FMP's SSL web presence.
Certificates for email SSL/TLS are self-signed by scripts which came
with the mail server (Courier-MTA). Customers who want SSL pages get a
URL under secure.fmp.com with a directory/symlink to their home
directory, and a PHP snippet in the page to deflect non-SSL accesses to
the secure URL.
> This isn't particularly relevant to people who are just plain users of
> the system, and I imagine to you it's all second-nature now, but the
> OP sounds like he's a bit into do-it-yourself so he should be aware of
> the limitations on doing tricky stuff based on a virtual domain.
I've always been a bit non-conformist in my system administration
practices, which hasn't always made things easy, but I've learned a lot.
I've never tried anything such as it seems that Thufir is working with,
Lindsay Haisley | "Fighting against human creativity is like
FMP Computer Services | trying to eradicate dandelions"
http://www.fmp.com | -- Pamela Jones
More information about the Mailman-Users