On 05-19-2021 6:38 pm, Wietse Venema wrote:
> This is too complicated.
> With a load balancer, the backend hosts don't need to exist in DNS,
> and the backend hosts don't even need a globally unique IP address.
> They can sit on 10.0.0.1 and 10.0.0.2 and have fake hostnames.

But they do need a public IP; they are submission servers. After they
accept an email from a client they are going to try to deliver it. They
need a proper hostname matching EHLO and PTR records. Granted, they won't
need that for the purpose of the client submitting the email, but the
servers themselves do need it since they are Postfix submission servers
delivering mail to the world.

> In this light, it is natural to give the proxy host the public DNS
> name and IP address, because that is the only name and address that
> matters to the client.

Agreed. And this is what I've been unsuccessfully trying to ask for help
on.
The clients want a cert that matches what they connected to.
Postfix sits on a different server.
How to set up Postfix to use the cert assigned to the load balancer that
the client is expecting?
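
The split discussed in this message, written out as a main.cf fragment. This is an added example, not part of the original thread or from the Postfix author. It assumes the load balancer forwards the TCP connection without terminating TLS, so Postfix itself performs the handshake; the hostnames and file paths are placeholders.

```conf
# main.cf on each backend (main.cf comments must sit on their own line).

# Outbound identity: the backend's own public name. It should match
# this host's PTR record and is what Postfix sends in EHLO when it
# delivers mail to the world.
myhostname = backend1.example.net
smtp_helo_name = $myhostname

# Inbound identity: the certificate clients see when they connect.
# It is issued for the load balancer's public name (placeholder:
# submit.example.com), because that is the name clients verify.
# Install the same certificate and key on every backend.
smtpd_tls_cert_file = /etc/postfix/tls/submit.example.com.fullchain.pem
smtpd_tls_key_file = /etc/postfix/tls/submit.example.com.key
smtpd_tls_security_level = may
```

The private key is then present on every backend, so each copy needs the same file permissions and rotation handling as the original.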