On 06 Nov 2014, at 23:35, Sven Köhler <sven.koeh...@gmail.com> wrote:
> Hi,
>
> does Postfix support TLS SNI (server name indication) now? I have found
> some discussion, mostly saying that it might be implemented, but there
> were several issues:
>
> 1) Mail clients don't seem to support it.
> 2) Other MTAs don't seem to support it.
> 3) There are no standards concerning SNI for MTAs talking to each other.
> 4) How Postfix might be able to access the certificates after dropping
> privileges.
>
>
> I'd like to use Thunderbird (which seems to support SNI) together with
> Postfix on port 587 (submission only) and I'd like Postfix to choose
> from several (below 10) certificates based on the indicated server name.
>
> I don't have the option to buy one IP per hostname that I want to
> support. As we all know, IPv4 addresses are expensive as there are not
> many of them left.
>
> Also, Exim seems to support SNI but I don't really want to switch.

You should be able to use a multi-domain certificate. Doesn't require SNI support, doesn't make assumptions about client support. You'll still have a single hostname for the server itself and the Postfix instance that runs on it, but it'll see all the other hostnames included on there as valid, too.

Kind regards,
Joni
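
Added example, not part of the original thread: a sketch of the multi-domain approach suggested in the reply, building one certificate whose subjectAltName lists every hostname and checking which names a client would accept. The function names are hypothetical, the certificate is self-signed for testing only (a production certificate would come from a CA), and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example; hostnames passed to these functions are the caller's own.

# make_multidomain_cert OUTDIR PRIMARY [ALT...]
# Writes OUTDIR/key.pem and a self-signed OUTDIR/cert.pem whose
# subjectAltName contains PRIMARY and every ALT as dNSName entries.
make_multidomain_cert() {
    outdir=$1; primary=$2; shift 2
    san="DNS:$primary"
    for h in "$@"; do
        san="$san,DNS:$h"
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$outdir/key.pem" -out "$outdir/cert.pem" \
        -subj "/CN=$primary" -addext "subjectAltName=$san" 2>/dev/null
}

# cert_covers CERT HOSTNAME
# Returns 0 when HOSTNAME matches a name in CERT, which is the check a
# mail client performs against the server name it was configured with.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q 'does match certificate'
}

# In Postfix, the single resulting pair is referenced from main.cf via
# smtpd_tls_cert_file and smtpd_tls_key_file; no SNI is involved because
# the same certificate is presented to every client.
```

Running `cert_covers` for each hostname users will enter in their mail client, before deploying the certificate, catches a name that was left off the SAN list.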