On 06/01/2010 10:00 AM, Victor Duchovni wrote: > On Tue, Jun 01, 2010 at 10:20:56AM -0400, Wietse Venema wrote: > >>> Common Name: myserver.domain.com >>> MX for domain1: smtp.domain1.com >>> MX for domain2: smtp.domain2.com >>> >>> Then, how i configure SSL Certificates per domain on Postfix? >>> References? >> >> How would Postfix know what certificate to use? >> Hint: SMTP is not HTTP. > > Now that OpenSSL 1.0 is out, and has "always on" support for TLSv1 > extensions, I may find some time to add SNI support to Postfix. This > creates significant additional complexity in the SMTP server SSL > state management, and with most users on 0.9.8 or even 0.9.7, it > has not yet been a priority. > > Even with SNI support, most SMTP clients will not make use of SNI, so > it will take a long time before SMTP STARTTLS servers can expect to > support multiple certificates for most clients. >
Could this be a case where it makes sense to run multiple instances of postfix which bind to different IP's and are each configured with unique certs? kind regards, _Terry
