On Tue, Jan 08, 2013 at 07:58:38PM -0500, Wietse Venema wrote:

> > is there any way to set certificate / key file name depending on domain 
> > name? 

This problem is much harder for SMTP than HTTP, since the MTA does
not know with certainty which acceptable certificate a receiving
site is likely to have. It might have a certificate for the recipient
domain, or for the gateway name. SNI only works well when the protocol
clearly specifies the expected SSL peer. This is not the case with
SMTP, given MX record indirection and the logical separation of
the transport and application end-points (gateway vs. domain).

Thus and for other reasons it is very unlikely that Postfix
will support SNI with SMTP any time soon.

-- 
        Viktor.
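
The ambiguity described in the message above, as an added Python illustration that is not part of the original post and is not Postfix code: a server picks a certificate by SNI, and the sending MTA may send and verify either the recipient domain or the MX (gateway) name. All host names, certificate lists and function names are constructed assumptions, and the name matching is a simplified form of the usual leftmost-label wildcard rule.

```python
# Added illustration (not Postfix code); every name below is constructed.

def name_matches(pattern, host):
    """Simplified certificate name match: '*' covers the whole leftmost label only."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def select_cert(server_certs, sni, default):
    """Server side: return the first certificate (a list of names) covering the SNI."""
    for cert_names in server_certs:
        if sni and any(name_matches(n, sni) for n in cert_names):
            return cert_names
    return default  # no certificate for that name: fall back to the default one

def outcome_matrix(recipient_domain, mx_host, server_certs, default):
    """For each (name sent as SNI, name the client verifies) pair, report whether
    the certificate the server selects passes the client's name check."""
    candidates = {"recipient domain": recipient_domain, "MX host": mx_host}
    result = {}
    for sni_kind, sni in candidates.items():
        chosen = select_cert(server_certs, sni, default)
        for ref_kind, ref in candidates.items():
            result[(sni_kind, ref_kind)] = any(name_matches(n, ref) for n in chosen)
    return result

# Constructed scenario: mail for example.com is received by a shared gateway
# that holds one certificate per name.
CERTS = [["example.com"], ["mx1.provider.example"]]
DEFAULT = ["mx1.provider.example"]
MATRIX = outcome_matrix("example.com", "mx1.provider.example", CERTS, DEFAULT)

if __name__ == "__main__":
    for (sni_kind, ref_kind), ok in MATRIX.items():
        verdict = "match" if ok else "MISMATCH"
        print(f"SNI={sni_kind:16} verify={ref_kind:16} -> {verdict}")
```

Only the two combinations where the name sent as SNI equals the name the client verifies succeed, and nothing in the SMTP exchange tells the sender which of the two the receiving site expects.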
