On Wed, Mar 26, 2014 at 11:21:32PM +0100, Pau Peris wrote:
> Just one last question. Do you think I could set postfix to use multiple
> certificates and their respective private keys so when a client connects
> to example.com Postfix makes use of example.crt certificate but when
> connecting to example2.com Postfix makes use of example2.crt?

There is no server-side SNI support in Postfix. MX records obviate the need to jump through this hoop for MTA to MTA traffic. While this is perhaps a bit more useful for submission, the code to support server-side SNI has not been developed.

If you want multiple TLS personalities, you need multiple TCP endpoints, with differently configured smtpd(8) processes for each domain.

It would be nice if MUAs implement SRV records for imap and submission, there's a draft RFC for it, but most MUAs are rather old and nobody is actively adding new features to them.

--
    Viktor.
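
The multiple-endpoint approach described in the reply above, shown as an added master.cf sketch that is not part of the original thread. The IP addresses (RFC 5737 documentation range), the file paths, the key file names and the syslog_name values are assumptions; only example.crt and example2.crt come from the question.

```conf
# /etc/postfix/master.cf (fragment)
# One submission listener per domain, each bound to its own IP address
# (a separate TCP endpoint), with per-service "-o" overrides so that each
# smtpd(8) instance presents a different certificate.
#
# service                type  private unpriv chroot wakeup maxproc command
192.0.2.10:submission    inet  n       -      n      -      -       smtpd
  -o syslog_name=postfix/submission-example
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_cert_file=/etc/postfix/tls/example.crt
  -o smtpd_tls_key_file=/etc/postfix/tls/example.key

192.0.2.11:submission    inet  n       -      n      -      -       smtpd
  -o syslog_name=postfix/submission-example2
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_cert_file=/etc/postfix/tls/example2.crt
  -o smtpd_tls_key_file=/etc/postfix/tls/example2.key

# DNS side (assumed): the submission host name for example.com resolves to
# 192.0.2.10 and the one for example2.com to 192.0.2.11, so each client
# reaches the listener whose certificate matches the name it connected to.
```

Keep each private key readable by root only, and run `postfix check` followed by `postfix reload` after editing; the distinct syslog_name values make it easy to tell in the mail log which endpoint handled a TLS session.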