Eric Abrahamsen:
> > TLS? In that case you also need two tlsproxy services, each with
> > their own certificate stuff.
> >
> > 1.2.3.5:smtp inet n - n - 1 postscreen
> > -o tlsproxy_service_name=tlsproxy_1.2.3.5
> > -o smtpd_service_name=smtpd_1.2.3.5
> > -o syslog_name=postfix/1.2.3.5
> > smtpd_1.2.3.5 pass - - n - - smtpd
> > -o syslog_name=postfix/1.2.3.5
> > tlsproxy_1.2.3.5 ...other master settings...
> > -o syslog_name=postfix/1.2.3.5
> > ...certificate stuff...
>
> Yes, that was the whole point of this! Thanks for the extra notes. I've
> had things running for the past day or so without the separate tlsproxy
> services, and haven't noticed any immediately obvious errors in the
> logs. On the other hand, I *have* noticed an increase in spam, so
> probably it hasn't been working after all! I'll tweak further tonight.
>
> Is this particular setup detailed in the docs anywhere? It seems like
> something a fair number of people will be interested in. I can do some
> sort of blog post, but I don't know how many people it would reach.
The "-o <service>_name" feature works, but it quickly becomes
unwieldy with more comples configurations. For complex setups,
separate Postfix instances are a more manageable solution than a
web of -o options. Unfortunately some distros don't handle multiple
Postfix instance support well.
Wietse
