This is what I do on a mail server that I set up to consolidate the functions 
of several previous postfix servers.

In main.cf, I have it set up to listen on the primary IP address for the 
server, and tell it to use the certificates for that primary hostname using 
smtp_tls_cert_file, smtpd_tls_cert_file, and the other TLS options.  Then, in 
master.cf, I configure a second IP address, and set the options for that 
listener:

other.mail.server:smtp  inet    n       -       n       -       0       smtpd
        -o myhostname=other.mail.server
        -o smtp_tls_cert_file=/path/to/certfile.pem
        -o smtpd_tls_cert_file=/path/to/certfile.pem

It seems to work pretty well for us.  A wildcard certificate or one with 
multiple subject alternate names will also work, but those tend to be more 
expensive.


Brian

--
Brian Sebby  (se...@anl.gov)  |  Infrastructure and Operation Services
Phone: +1 630.252.9935        |  Computing and Information Systems
Cell:  +1 630.921.4305        |  Argonne National Laboratory

> On Dec 11, 2015, at 8:00 AM, José Roberto <zep...@outlook.com> wrote:
> 
> Hi,
> 
> I think it's possible based on master.cf: you could set a specific domain for an 
> smtp or submission and set a specific TLS certificate in that process, 
> like we use for ehlo for a different IP and ehlo for a specific domain, but 
> you need to test it.
> 
> 
> 
> José Roberto
> E-mail: zep...@outlook.com | Skype: zeponi | ICQ: 159416293
> Professional information: http://br.linkedin.com/in/jralves
> 
> Date: Fri, 11 Dec 2015 09:11:04 +0100
> Subject: postfix and multiple TLS certificates
> From: zalezny.niezale...@gmail.com
> To: postfix-users@postfix.org
> 
> Hi, 
> 
> Is it possible to configure multiple TLS certificates in Postfix?
> For example, on my LAN relay server I must configure TLS for the Unix domains 
> and for Windows domains. Both domains use different names. How to manage that 
> part?
> 
> How to generate certificates then? Is it possible to somehow map TLS 
> certificates for the different domains?
> 
> 
> Thanks in advance for your support.
> 
> 
> Zalezny
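
An added example, not part of the original messages: a small audit of master.cf that lists the `-o` overrides on each inet smtpd listener, as in the per-IP setup described above. The sample file is constructed, the function names are hypothetical, and only the plain `-o name=value` form is parsed.

```python
import shlex

# Constructed sample: a default listener plus the per-IP listener from the message.
SAMPLE_MASTER_CF = """\
# service type private unpriv chroot wakeup maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
other.mail.server:smtp  inet    n       -       n       -       0       smtpd
        -o myhostname=other.mail.server
        -o smtp_tls_cert_file=/path/to/certfile.pem
        -o smtpd_tls_cert_file=/path/to/certfile.pem
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) onto their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def audit_listeners(text):
    """Return one dict per inet smtpd service with its -o overrides and notes."""
    report = []
    for entry in logical_lines(text):
        fields = shlex.split(entry)
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        args = fields[8:]
        # Assumption: overrides are written as "-o name=value" (no braces).
        overrides = dict(
            args[i + 1].split("=", 1)
            for i in range(len(args) - 1)
            if args[i] == "-o" and "=" in args[i + 1]
        )
        # smtp_* parameters configure the Postfix SMTP client, not smtpd.
        notes = [name + ": SMTP client parameter, not read by smtpd"
                 for name in overrides if name.startswith("smtp_")]
        if "smtpd_tls_cert_file" not in overrides:
            notes.append("no smtpd_tls_cert_file override: main.cf certificate applies")
        report.append({"service": fields[0], "overrides": overrides, "notes": notes})
    return report

if __name__ == "__main__":
    for row in audit_listeners(SAMPLE_MASTER_CF):
        print(row["service"], row["overrides"].get("smtpd_tls_cert_file"), row["notes"])
```

If the certificate file does not also contain the private key, the listener needs its own `smtpd_tls_key_file` override as well, since that parameter defaults to the value of `smtpd_tls_cert_file`.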
