The Courier mail server supports Server Name Indication (SNI), which is required to deliver the correct SSL certificates to a connecting client. However, only the GnuTLS backend supports SNI. Recent versions of OpenSSL also support SNI, but Courier lacks the code to make use of this. As the ebuild forces the use of OpenSSL, Courier on Gentoo only supports IP-based server identification, forcing users to setup a distinct IP for each virtually hosted domain. From the documentation: --with-gnutls - Use the GnuTLS library even if the OpenSSL library is also installed. The Courier mail server automatically uses whichever one is available. The OpenSSL library is selected if both are present. Use this option to override and select GnuTLS instead. Please provide a gnutls USE flag to force GnuTLS in Courier. A patch was provided in 2009 (!) in Bug 290141, but hasn't made it into the official tree for whatever the reason may be. Reproducible: Always
*** This bug has been marked as a duplicate of bug 290141 ***