Thanks guys. I'd like to know about both sender and recipient domain. Chris
On Aug 8, 2021, 18:30, at 18:30, Wietse Venema <wie...@porcupine.org> wrote: >Viktor Dukhovni: >> On Sun, Aug 08, 2021 at 10:50:48AM -0400, Wietse Venema wrote: >> >> > I suppose that each client certificate will be valid only with a >> > specific host, so you would have to update the sender_transport >> > table to return a transport:nexthop result. >> >> FWIW, the OP's question was: > > I would like to know how Postfix handles client certificates > for delivery i.e. when it makes a remote connection to deliver > email. > >> Is it possible to control the certificate that is used per >domain? >> >> If per-domain means per destination nexthop regardless of sender, the >> configuration would be simpler. Assuming just a small number of >client >> certs, just configure a separate transport for each client cert, and >use >> transport_maps to map the domain in question to that transport. > >The question as posed previously in off-list email: > > Is it possible to control the certificate that is used per email > / per customer? > >So we know that "customer" means "domain", and "certificate" means >"client certificate". We don't know if "domain" is sender or recipient. > > Wietse
