On Tue, Jun 16, 2015 at 10:09:22AM +0200, Christian Rohmann wrote:
> When running multiple smtpd services on different IPs and with different
> SSL-certifices (I believe there still is no SNI support in postfix? ->
> http://www.postfix.org/TLS_README.html -> "There are no plans to
> implement SNI in the Postfix SMTP server. ")
Indeed there is no server-side SNI support, but you generally don't
need a "matching" certificate with SMTP. Most SMTP clients don't
verify certificates of SMTP servers. And many that do, just look
for the MX hostname, which can the same across multiple hosted
domains. What is the specific use-case where this seems to be
necessary?
> the individually set
> process limits work fine, but they add up quickly. Even IPv4 and IPv6
> create two listeners for the same job already making it difficult to
> pick sensible individual limits.
IIRC you can halve the number of listeners by using a hostname
instead of an address in master.cf, and assigning both the IPv4
and IPv6 address to each host that needs both.
> I'm keen to allow the individual listener to grow to let's say 1000
> processes, but don't want to allow them ALL to grow that large at the
> same time.
There is no feature of master(8) that can set a process limit for
"pools" of services smaller than the sum of the indivual limits.
--
Viktor.
