On 1/31/2014 1:46 PM, Israel Brewster wrote:
> I’ll have to look into that. While I think I can figure it out easily enough 
> (looks like I would need to override the inet_interfaces and 
> smtpd_tls_cert/key file directives), is there an example of this sort of 
> configuration somewhere?
> 
> -----------------------------------------------
> Israel Brewster
> Computer Support Technician II
> Era Alaska
> 5245 Airport Industrial Rd
> Fairbanks, AK 99709
> (907) 450-7250 x7293
> -----------------------------------------------
> 
> 
> 
> 
> 
> On Jan 31, 2014, at 10:12 AM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> 
>> On 1/31/2014 12:59 PM, Israel Brewster wrote:
>>> We are currently in the process of changing our domain name, and
>>> were wondering if there was any way for postfix (and Dovecot, but
>>> that’s a different mailing list) to present different certificates
>>> depending on what domain name users are connecting with? That is,
>>> for a period of time we want users to be able to connect using
>>> either the old domain name or the new domain name, without getting
>>> an error. We don’t, however, want to separate the domains - a given
>>> user should be able to receive and send mail from either domain
>>> interchangeably, as per the mydestination configuration directive
>>> (as I understand it). Is this possible, or will we need to simply
>>> change the certificate to the new domain, with the caveat that some
>>> users will be getting certificate errors until we can get around to
>>> changing their setup?
>>>
>>
>>
>> Your best bet is to set up the new domain name on a separate IP
>> address, and present the proper certificates there.
>>
>> You can configure a single postfix instance to listen on multiple
>> IPs and define which certificate goes with which IP using master.cf
>> -o overrides.
>>
>>
>>
>>
>>  -- Noel Jones
> 


Probably the minimum is myhostname and the key/cert files. Something
like:

# master.cf

10.0.0.101:25   inet  n   -    n   -   -  smtpd
  -o myhostname=old.example.com
  -o smtpd_tls_key_file=/path/to/old.key
  -o smtpd_tls_cert_file=/path/to/old.cert

10.0.0.102:25   inet  n   -    n   -   -  smtpd
  -o myhostname=new.example.com
  -o smtpd_tls_key_file=/path/to/new.key
  -o smtpd_tls_cert_file=/path/to/new.cert




  -- Noel Jones
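
An added example, not part of the message above and not Postfix code: a small lint for the per-IP layout shown in that master.cf snippet. It reports any inet smtpd listener that lacks one of the three overrides and would therefore inherit the main.cf value, which is how the wrong certificate or key ends up on an address. The sample text is constructed, the 10.0.0.103 listener is hypothetical, and only the plain "-o name=value" form is parsed.

```python
import re

# Constructed sample: the two listeners from the message above, plus a third
# (10.0.0.103, hypothetical) that overrides the certificate but not the key.
SAMPLE_MASTER_CF = """\
10.0.0.101:25   inet  n   -    n   -   -  smtpd
  -o myhostname=old.example.com
  -o smtpd_tls_key_file=/path/to/old.key
  -o smtpd_tls_cert_file=/path/to/old.cert
# comment lines and blank lines are ignored
10.0.0.102:25   inet  n   -    n   -   -  smtpd
  -o myhostname=new.example.com
  -o smtpd_tls_key_file=/path/to/new.key
  -o smtpd_tls_cert_file=/path/to/new.cert
10.0.0.103:25   inet  n   -    n   -   -  smtpd
  -o myhostname=new.example.com
  -o smtpd_tls_cert_file=/path/to/new.cert
"""

REQUIRED = ("myhostname", "smtpd_tls_key_file", "smtpd_tls_cert_file")

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto the service line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def smtpd_listeners(text):
    """Map each inet smtpd service (e.g. '10.0.0.101:25') to its -o overrides."""
    found = {}
    for line in logical_lines(text):
        f = line.split()
        if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd":
            # Handles the plain "-o name=value" form only (assumption).
            found[f[0]] = dict(re.findall(r"-o\s+([\w.]+)=(\S+)", line))
    return found

def audit(text):
    """Report listeners missing an override, which then inherit main.cf's value."""
    return [f"{svc}: missing -o {p}"
            for svc, opts in smtpd_listeners(text).items()
            for p in REQUIRED if p not in opts]

if __name__ == "__main__":
    for finding in audit(SAMPLE_MASTER_CF):
        print(finding)
```
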
