On Tue, Jun 01, 2010 at 10:20:56AM -0400, Wietse Venema wrote:
> > Common Name: myserver.domain.com
> > MX for domain1: smtp.domain1.com
> > MX for domain2: smtp.domain2.com
> >
> > Then, how i configure SSL Certificates per domain on Postfix?
> > References?
>
> How would Postfix know what certificate to use?
> Hint: SMTP is not HTTP.
Now that OpenSSL 1.0 is out, and has "always on" support for TLSv1
extensions, I may find some time to add SNI support to Postfix. This
creates significant additional complexity in the SMTP server SSL
state management, and with most users on 0.9.8 or even 0.9.7, it
has not yet been a priority.
Even with SNI support, most SMTP clients will not make use of SNI, so
it will take a long time before SMTP STARTTLS servers can expect to
support multiple certificates for most clients.
--
Viktor.
