[Mailman-Users] what is a virtual domain?

[Lindsay Haisley]

On Tue, 2012-11-20 at 00:53 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
> 
>  > It's not unusual at all.  From the point of view of DNS, there's no
>  > difference between a virtual domain and a real one.
> 
> Actually, that's not true.

I re-read Thufir's question and realized that I misunderstood it.  Yes,
what he's trying to do is decidedly unusual.

> A virtual domain also is not 100% reliable for SSL/TLS
> services because basic TLS does its certificate exchange at a level
> "below" the DNS, so deciding which virtual domain's certificate to
> present is problematic (there is an extension to the protocol which
> fixes this, but it's not 100% implemented, in particular IE on XP
> still can't do it according to Wikipedia, which will kill you in Japan
> where about 1/3 of business systems are still XP-based).

Being a natural-born cheapskate, and running a _very_ small business, I
don't even have a wildcard SSL cert signing for FMP's SSL web presence.
Certificates for email SSL/TLS are self-signed by scripts which came
with the mail server (Courier-MTA).  Customers who want SSL pages get a
URL under secure.fmp.com with a directory/symlink to their home
directory, and a PHP snippet in the page to deflect non-SSL accesses to
the secure URL.

> This isn't particularly relevant to people who are just plain users of
> the system, and I imagine to you it's all second-nature now, but the
> OP sounds like he's a bit into do-it-yourself so he should be aware of
> the limitations on doing tricky stuff based on a virtual domain.

I've always been a bit non-conformist in my system administration
practices, which hasn't always made things easy, but I've learned a lot.
I've never tried anything such as it seems that Thufir is working with,
though.

-- 
Lindsay Haisley       | "Fighting against human creativity is like 
FMP Computer Services |   trying to eradicate dandelions"
512-259-1190          |
http://www.fmp.com    |       -- Pamela Jones