On Wed, May 27, 2020 at 09:20:10PM +0200, Matteo Cazzador wrote:
> Hi everybody i've another question about postifx virtual domain server
> and multiple ssl certs.
>
> My virtual postfix server has one public ip.
>
> My postfix version isĀ 3.4.10 (on virtualmin setup)
>
> Is it possible to configure postfix to manage multiple ssl certs for
> ssl/tls with only one public ip address?
Yes, as of Postfix 3.4, however, just because it is possible, does not
make it a good idea. If *at all* possible, at least for port 25, use a
MX indirection rather than virtual hosting:
example.org. IN MX 0 smtp.example.org.
example.net. IN MX 0 smtp.example.org.
example.edu. IN MX 0 smtp.example.org.
smtp.example.org. IN A 192.0.2.1
rather than:
example.org. IN MX 0 smtp.example.org.
example.net. IN MX 0 smtp.example.net.
example.edu. IN MX 0 smtp.example.edu.
smtp.example.org. IN A 192.0.2.1
smtp.example.net. IN A 192.0.2.1
smtp.example.edu. IN A 192.0.2.1
> Something like
>
> smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
> smtpd_tls_key_file = /etc/postfix/postfix.key.pem
>
> butr every virtual domain with his own ssl certs?
http://www.postfix.org/postconf.5.html#tls_server_sni_maps
So, yes possible, but avoid at all costs. Only necessary o port 587 for
submission if you must support mail clients that have per-domain SMTP
server settings and the hosting of the submisison service moves around
from time to time.
--
Viktor.
