Wietse:
> I do not support configurations with multiple myhostname/mydomain
> settings (or multiple settings for any domain-like parameter that
> determines how Postfix handles email).
email builder:
> That's certainly fair. I can accept that I am stepping outside
> the use model with this and that maybe the sure bet would be to
> run multiple instances. I will, however, endeavor to test my idea
> and report back for others' edification if it works or not.
Wietse:
> Please, DO NOT share details of unsupported configurations.
>
> Postfix internals are being updated on an ongoing basis and I don't
> need the support load from people who find that your stuff no longer
> works.
email builder:
> Alright, I understand.
>
> However, I just realized that I actually might not need to change
> the domain. The -o overrides I need may only be the smtpd_tls_*
> settings. I was just concerned about name mismatches with the
> certificate, but whatever postfix thinks is the domain shouldn't
> affect the client's matching the domain name in the certificate
> itself to the domain it used to connect. Therefore, perhaps this
> proposal would NOT be outside the scope of what you find acceptable?
>
> 1.2.3.4:smtp inet n - n - - smtpd
> -o smtpd_tls_cert_file=/etc/postfix/domainA.crt
> -o smtpd_tls_key_file=/etc/postfix/domainA.key
>
> 4.3.2.1:smtp inet n - n - - smtpd
> -o smtpd_tls_cert_file=/etc/postfix/domainB.crt
> -o smtpd_tls_key_file=/etc/postfix/domainB.key
Wietse:
> I see no multiple settings for the same host/domain parameters here.
Right, I was hoping this was more acceptable for "official" use.
Wietse:
> Postfix also needs to know that it is final destination for [1.2.3.4],
> [4.3.2.1] and for all the corresponding domain names, otherwise mail
> for those destinations will loop.
>
> You need to list 1.2.3.4 and 4.3.2.1 in main.cf:proxy_interfaces
> if those addresses don't already match main.cf:inet_interfaces,
> and you need to list all the corresponding host/domain names in
> mydestination, if those host/domain names aren't already listed in
> virtual_{alias,mailbox}_maps.
Right. I already have all those things set up, as it works fine listening on
the machine with the single TLS certificate for all interfaces and domains.
Seems like this will work, then.
Thanks VERY VERY much for your patience, support and the great wonderful
software and hard work you give to the world!!!!!
