That won't work for me.  SNI support is the only solution for my scenario 
since I can't use just one SSL certificate.  I haven't used Google Apps to know 
what you are talking about.

And I've got a feeling that the "250 response" part of your reply is just wrong 
- which 250 response?  Certificates are validated by clients during the 
handshake and the connection is terminated if the verification step fails.  
That happens long before even the SMTP banner is emitted.


- Fiona



________________________________
From: Peter <pe...@pajamian.dhs.org>
To: postfix-users@postfix.org 
Sent: Sunday, May 6, 2012 8:14 PM
Subject: Re: TLS SNI support?
 
On 07/05/12 14:21, Fiona Hines wrote:
> How do I get TLS SNI support in Postfix?  I can't find any documentation
> on the subject except a few discussions that are several years old. 
> I've got TLS working with one domain but I want to expand it to an
> unknown number of domains and I don't care if the mail client lacks
> support for SNI.

You don't need SNI support for multiple domains, you simply need to have
your common name (CN) in the certificate match the 250 response of your
server.  If SNI was required then services like google apps would be in
trouble.


Peter
