On Mon, Mar 7, 2016 at 10:57 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Mon, Mar 07, 2016 at 08:30:54PM -0600, Tom Browder wrote:
>> On Mon, Mar 7, 2016 at 5:13 PM, Viktor Dukhovni
>> <postfix-us...@dukhovni.org> wrote:
>> > On Mon, Mar 07, 2016 at 03:18:11PM -0600, Tom Browder wrote:
>> >> I have a server with several vhosts. I am working on providing mail
>> >> services to each with TLS. I have server CA certs and unlocked keys
>> >> for each individual vhost.
>> >
>> > When you say "vhost", what do you mean?
>>
>> Virtual hosts.
>
> Gee thanks, but I'm not that thick...

I certainly don't think that, Viktor--please pardon me if you think I
was being insulting. I clearly was not even thinking about the several
types of virtual hosts. I am running multiple virtual hosts on a
single, real Apache server. I have a fair amount of experience with
TLS and Apache but none with TLS and Postfix, so please forgive my
apparently stupid questions.

> [ref] smtpd_tls_CApath seems
>> > No, that's mostly for verifying client certs and has very little
>> > to do with server certificates.
> So what exactly is your question then?
...
>> As it stands, I have an MX record for each virtual host, each pointing
>> to the "real" host.
>
> What's a "virtual host" again? Just multiple domains sharing a
> common MX record? Then you only need one certificate.

Good deal.

>> Right now I'm just trying to get smtp access from my local host and
>> would like to use TLS and client certs.
>
> This is too vague to mean anything.

Okay, here is my objective:

1. Use ONE Postfix instance running on my remote server which has
full presence on the Internet with official domain names for several
Apache virtual hosts. (Postfix is running apparently successfully. I
have Cyrus SASL working when I access the smtpd while logged on the
server and can get a good telnet connection.)

2. Use my local host (with dynamic IP) to send mail (but not receive
mail) via the remote Postfix smtpd. (That is not working at the
moment [connection refused], but I am still tweaking Postfix
variables.)

I want to be able to access the smtpd remotely via local host smtp
clients and plan to use a client cert for access and TLS for the
connection.

The desired local smtp client is Net::SMTP available with Perl 6.

If that objective is not possible, please suggest the correct path.

Thank you for your patience with a Postfix dummy.

Best regards,

-Tom