Hi,
A number of our Zimbra customers deploy where they are hosting accounts for
multiple domains (at least one client hosts over 100,000 domains). These
deployments generally use a single set of MTAs for their MX records, which
works fine as long as TLS is not involved. However, with the increasing
desire for security, our clients are becoming quite interested in enabling
TLS at the smtpd layer.
At this time, it appears Postfix only accepts a single TLS key/cert pair
for the smtpd process. Any thoughts on how to handle multi-domain support
requirements for the smtpd process?
Example (domains etc. obfuscated):
quanah@zre-ldap001:~$ dig domain1 mx
domain1. 86223 IN MX 10 mail-relay1.domain1
domain1. 86223 IN MX 20 mail-relay2.domain1
quanah@zre-ldap001:~$ dig mail-relay1.domain1
mail-relay1.domain1 86379 IN A X.X.X.31
quanah@zre-ldap001:~$ dig mail-relay2.domain1
mail-relay2.domain1 86400 IN A X.X.X.15
quanah@zre-ldap001:~$ dig domain2 mx
domain2. 86317 IN MX 20 sky.domain1.
domain2. 86317 IN MX 10 mail.domain2.
mail.domain2. 86317 IN A X.X.X.31
quanah@zre-ldap001:~$ dig sky.domain1
sky.domain1. 86400 IN A X.X.X.15
quanah@zre-ldap001:~$ dig domain3 mx
domain3. 86400 IN MX 10 mail.domain2.
domain3. 86400 IN MX 20 sky.domain1.
etc.
Or is my only option to do something like set up multiple IPs for postfix,
with an smtpd assigned to each IP? Something like:
10.0.0.101:25 inet . . . smtpd
-o smtpd_tls_cert_file=domain1.pem
-o smtpd_tls_key_file=domain1.key
10.0.0.102:25 inet . . . smtpd
-o smtpd_tls_cert_file=domain2.pem
-o smtpd_tls_key_file=domain2.key
10.0.0.103:25 inet . . . smtpd
-o smtpd_tls_cert_file=domain3.pem
-o smtpd_tls_key_file=domain3.key
Thanks,
Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
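A way to work out which MX hostnames the certificate on each per-IP smtpd would have to cover, using the DNS data from the post (an added example, not from Quanah or the Postfix project; the domain names and obfuscated X.X.X.nn addresses are taken from the dig output above, and the proposed SAN lists are constructed):

```python
"""Plan per-IP TLS certificates for a shared MX pool (added example).

Groups every MX hostname by the A record it resolves to, then checks
whether a proposed certificate's SAN list covers every name a sending
MTA might connect to on that IP. Sample data below is constructed from
the dig output in the post; IPs keep the post's X.X.X.nn obfuscation.
"""

# Constructed sample: domain -> MX hostnames (priority does not matter here)
MX = {
    "domain1": ["mail-relay1.domain1", "mail-relay2.domain1"],
    "domain2": ["mail.domain2", "sky.domain1"],
    "domain3": ["mail.domain2", "sky.domain1"],
}
# Constructed sample: MX hostname -> A record
A = {
    "mail-relay1.domain1": "X.X.X.31",
    "mail.domain2": "X.X.X.31",
    "mail-relay2.domain1": "X.X.X.15",
    "sky.domain1": "X.X.X.15",
}


def mx_hosts_per_ip(mx, a):
    """Return {ip: sorted list of MX hostnames that resolve to it}."""
    per_ip = {}
    for hosts in mx.values():
        for host in hosts:
            per_ip.setdefault(a[host], set()).add(host)
    return {ip: sorted(h) for ip, h in per_ip.items()}


def san_matches(san, host):
    """RFC 6125-style match: exact, or '*' covering only the leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host


def uncovered_names(mx, a, certs):
    """{ip: MX names not covered by that IP's cert}; certs = {ip: [SANs]}."""
    result = {}
    for ip, hosts in mx_hosts_per_ip(mx, a).items():
        sans = certs.get(ip, [])
        result[ip] = [h for h in hosts if not any(san_matches(s, h) for s in sans)]
    return result


if __name__ == "__main__":
    # One smtpd per IP, as in the master.cf sketch: the cert on each IP must
    # name every MX host that points there, not just the "primary" domain.
    proposed = {"X.X.X.31": ["mail-relay1.domain1"], "X.X.X.15": ["*.domain1"]}
    for ip, missing in uncovered_names(MX, A, proposed).items():
        print(ip, "missing SANs for:", missing or "nothing")
```

With the constructed SAN lists, X.X.X.31 is reported as missing mail.domain2 while the wildcard on X.X.X.15 covers both of its MX names.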