Viktor, Thank you for your reply.
I have tried this many different ways and to be honest, I was just hoping someone would point me in the right direction. I have followed the instructions in smtp_tls_chain_files to no avail. I'm just trying to get all 4 keys/certs working with all 4 domains so I can get smtp to work properly, but I always seem to be missing a small piece of the puzzle. Any help would be greatly appreciated. Brian ________________________________ From: Viktor Dukhovni via Postfix-users <[email protected]> Sent: Friday, August 15, 2025 2:10 AM To: [email protected] <[email protected]> Subject: [pfx] Re: I need help with postfix failing my multiple domain setup On Thu, Aug 14, 2025 at 10:59:05PM +0000, King o Hill via Postfix-users wrote: > SNI is failing and falling back to the $myhostname certificate despite > a correct configuration. > > alias_database = hash:/etc/aliases > ... > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) > smtpd_milters = inet:localhost:8891 > smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated > defer_unauth_destination > smtpd_tls_chain_files = regexp:/etc/postfix/sni_map_regex I'm surprised you have any certificate at all. That's not a supported syntax for "smtpd_tls_chain_files". Nor are regexp tables generally a good idea for the "tls_server_sni_maps" parameter that does employ a lookup table. The table results are: a. Contain sensitive key material, and should be readable by the root user only. b. Are often large and base64 encoded, so not well suited as regexp or PCRE table values. See: http://www.postfix.org/postconf.5.html#tls_server_sni_maps Why do you believe you need to use regular expressions to choose the appropriate server key and certificate chain??? -- Viktor. _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
