I managed to get multiple SSL certs working on multiple virtual IPs on the same server so vhost domains appeared to be completely independent from the base server. I'd like an opinion as to whether this is the right or best way to do this... domain1.com = 12.34.56.78
/etc/postfix/master.cf 12.34.56.78:smtps inet n - - - - smtpd -o myhostname=domain1.com -o smtpd_tls_wrappermode=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o smtpd_tls_cert_file=/etc/postfix/domain1.com.crt -o smtpd_tls_key_file=/etc/postfix/domain1.com.key -o smtpd_tls_CAfile=/etc/postfix/domain1.com.ca 12.34.56.78- unix - n n - - smtp -o smtp_bind_address=12.34.56.78 -o smtp_bind_address6= -o smtp_address_preference=ipv4 The above seems to work for clients when sending out mail via SSL port 465 and the recipients mail shows nothing to do with the base server and it's real hostname. Very cool. However a connecting MTA on port 25 still gets a 220 realhostname when connecting to 12.34.56.78 so would this work? 12.34.56.78:smtp inet n - - - - smtpd -o myhostname=domain1.com Any thoughts or suggestions on how to improve this strategy?
