On 05-19-2021 6:38 pm, Wietse Venema wrote:
This is too complicated.

With a load balancer, the backend hosts don't need to exist in DNS,
and the backend hosts don't even need a globally unique IP address.
They can sit on 10.0.0.1 and 10.0.0.2 and have fake hostnames.

But they do need a public IP; they are submission servers. After they accept an email from a client, they are going to try to deliver it. They need a proper hostname matching EHLO and PTR records. Granted, they won't need that for the purpose of the client submitting the email, but the servers themselves do need it since they are Postfix submission servers delivering mail to the world.


In this light, it is natural to give the proxy host the public DNS
name and IP address, because that is the only name and address that
matters to the client.

Agreed. And this is what I've been unsuccessfully trying to ask for help on.
The clients want a cert that matches what they connected to.
Postfix sits on a different server.
How do I set up Postfix to use the cert assigned to the load balancer that the client is expecting?
