Sorry, that should have been telnet ip 587, not telnet ip 25, as you
cannot connect to port 25.
Regards

On Wed, Nov 21, 2012 at 2:13 AM, Ali Jawad <alijaw...@gmail.com> wrote:
> On a separate but related note, I did notice that even though I
> connect on different IPs using telnet IP 25 I always get the default
> myhostname, the -o myhostname setting overwrite that value?
> Regards
>
> On Wed, Nov 21, 2012 at 1:43 AM, Ali Jawad <alijaw...@gmail.com> wrote:
>> Hi Victor
>> Thank you for the input my master.cf looks as follows now :
>>
>> x.x.x.x:smtp inet n - n - - smtpd
>>         -o myhostname=mail.domain.com
>>         -o smtpd_tls_key_file=/etc/postfix/domainssl/mail.domain.com.key
>>         -o smtpd_tls_cert_file=/etc/postfix/domainssl/mail.domain.com.crt
>>
>> With this setting I still do get only the certificate of the
>> certificate defined in /etc/main.cf, if I remove the certificate in
>> /etc/main.cf I only get
>>
>>
>> Nov 21 00:41:42 root379 postfix/smtpd[18650]: warning: No server certs
>> available. TLS won't be enabled
>>
>> In logs.
>>
>> Please advise.
>>
>> On Wed, Nov 21, 2012 at 1:24 AM, Viktor Dukhovni
>> <postfix-us...@dukhovni.org> wrote:
>>> On Wed, Nov 21, 2012 at 01:03:28AM +0200, Ali Jawad wrote:
>>>
>>>> Hi
>>>> I have a postfix with 7 domains and 7 IPs, each domain has its own IP
>>>> and everything is running fine, up till now I had one certificate for
>>>> all domains in the following fashion in main.cf
>>>>
>>>> smtpd_use_tls = yes
>>>> smtpd_tls_auth_only = yes
>>>> smtpd_tls_cert_file = /etc/postfix/domainssl/domain.crt
>>>> smtpd_tls_key_file = /etc/postfix/domainssl/domain.key
>>>> smtpd_tls_CAfile = /etc/postfix/domainssl/comodo_CA.txt
>>>>
>>>> This domain.crt is a valid certificate and for this particular
>>>> domain it does not throw errors, however for all the remaining domains
>>>> I get hostname mismatch errors.
>>>>
>>>> So far so good,  I did purchase certificates for the remaining domains
>>>> and did some research and read through the list and based on what I
>>>> understood all I need to do is to add the below to master.cf and
>>>> remove smtpd_tls_cert_file and smtpd_tls_key_file and smtpd_tls_CAfile
>>>> from main.cf, and then add the below as said per domain to master.cf
>>>>
>>>> ip.ip.ip.ip:smtp inet n - n - - smtpd -o myhostname=mail.domain2.com
>>>> -o smtpd_tls_wrappermode=yes     -o
>>>> smtpd_tls_key_file=/etc/postfix/domainssl/mail.domian2.com.key   -o
>>>> smtpd_tls_cert_file=/etc/postfix/domainssl/mail.domain2.com.crt  -o
>>>> smtpd_tls_CAfile=/etc/postfix/domainssl/comodo_CA.txt
>>>
>>> See the master.cf documentation, long lines are continued by
>>> prepending leading whitespace on the continuation lines:
>>>
>>>     192.0.2.1:smtp inet n - n - - smtpd
>>>         -o myhostname=mail.example.com
>>>         -o smtpd_tls_cert_file=/etc/postfix/domainssl/cert-mail.example.com.pem
>>>         -o smtpd_tls_key_file=/etc/postfix/domainssl/key-mail.example.com.pem
>>>
>>> - Do make sure all the cert and key files are in PEM format.
>>> - Do append the PEM certificates of all intermediate CAs to
>>>   the server certificate file in order from leaf to root:
>>>
>>>         ----- BEGIN ...
>>>         base64-encoded server cert
>>>         ----- END ...
>>>         ----- BEGIN ...
>>>         base64-encoded intermediate cert that signed previous cert
>>>         ----- END ...
>>>         ----- BEGIN ...
>>>         base64-encoded intermediate cert that signed previous cert
>>>         ----- END ...
>>>         ----- BEGIN ...
>>>         optional base64-encoded root cert, typically leave it out
>>>         ----- END ...
>>>
>>> - DO NOT enable wrappermode on a port 25 SMTP server.
>>> - DO NOT define the CAfile in master.cf, it is the same for all the
>>>   certificates, and is typically not needed at all, but can in any
>>>   case be set in main.cf. The CA file if used should contain PEM encoded
>>>   root CA certificates.
>>>
>>> So these options should NOT be set:
>>>
>>>         # -o smtpd_tls_wrappermode=yes
>>>         # -o smtpd_tls_CAfile=/etc/postfix/domainssl/comodo_CA.txt
>>>
>>> When you change master.cf, you need to "reload" postfix for the
>>> changes to take effect.
>>>
>>> --
>>>         Viktor.
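
An added example, not part of the thread and not Postfix code: a small Python check that joins master.cf continuation lines the way the reply above describes and flags the two options it says not to set per listener. The sample file, the function names and the 8-column test for a broken continuation are assumptions of this example; only the `-o name=value` form shown in the thread is parsed.

```python
import re

# Constructed master.cf text (not from the thread): listener 1 sets the two
# options the reply says to leave out, listener 2 has an unindented
# continuation line, listener 3 follows the advice.
SAMPLE = """\
192.0.2.1:smtp inet n - n - - smtpd
    -o myhostname=mail.example.com
    -o smtpd_tls_wrappermode=yes
    -o smtpd_tls_CAfile=/etc/postfix/domainssl/comodo_CA.txt
192.0.2.2:smtp inet n - n - - smtpd -o myhostname=mail.example.net
-o smtpd_tls_cert_file=/etc/postfix/domainssl/cert-mail.example.net.pem
192.0.2.3:smtp inet n - n - - smtpd
    -o myhostname=mail.example.org
    -o smtpd_tls_cert_file=/etc/postfix/domainssl/cert-mail.example.org.pem
    -o smtpd_tls_key_file=/etc/postfix/domainssl/key-mail.example.org.pem
"""

def logical_lines(text):
    """Join continuation lines: leading whitespace extends the previous line."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are skipped
        if raw[0] in " \t" and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def lint(text):
    """Return (first_field, problem) pairs for the mistakes discussed above."""
    findings = []
    for entry in logical_lines(text):
        fields = entry.split()
        name = fields[0]
        if name.startswith("-") or len(fields) < 8:
            # A service entry has 8 columns; a stray "-o ..." line is a
            # continuation that lost its leading whitespace.
            findings.append((name, "not a service entry: continuation lacks leading whitespace?"))
            continue
        opts = dict(re.findall(r"-o\s+([^\s=]+)=(\S+)", entry))
        port = name.rsplit(":", 1)[-1]
        if port in ("smtp", "25") and opts.get("smtpd_tls_wrappermode") == "yes":
            findings.append((name, "smtpd_tls_wrappermode=yes on port 25"))
        if "smtpd_tls_CAfile" in opts:
            findings.append((name, "smtpd_tls_CAfile set per listener, belongs in main.cf"))
    return findings

if __name__ == "__main__":
    for name, problem in lint(SAMPLE):
        print(f"{name}: {problem}")
```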
