Hi folks,
We have a multi-homed server with ~20 IP addresses that listen for
incoming mail connections. I'd like to set up a personalized SSL
certificate for 1 IP address over submission (non-SNI). I know this can
be accomplished by adding a custom service in master.cf that uses smtpd
with a sample config "-o smtp_bind_address=x.y.z -o
smtpd_tls_cert_file=xyz".
This works, but if I specify 1 service, then I must likewise enumerate
all remaining IP addresses and define custom smtpd services in
master.cf. This can be done with Makefile, but it's a tedious process
yielding quite a bit of service duplication when only 1 IP requires a
custom configuration.
I know that approach will work. But, is there a better solution? For
example, a configuration parameter for Postfix to continue startup if it
cannot bind to a particular address or IP address negation in
smtp_bind_address, e.g. smtp_bind_address=!1.2.3.4 to bind to all
addresses except 1.2.3.4? Either that or something like
smtp_bind_dependent_maps and use a hash such as:

    1.2.3.4 -o smtpd_tls_cert_file=/etc/pki/postfix.pem \
            -o smtpd_enforce_tls=yes

That would make configuration per-IP significantly more maintainable.
- Matt
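
The enumeration workaround described in the post, as an added example that is not part of the original message or of Postfix itself: a small generator that emits one submission service per address and attaches the TLS overrides to a single address only. The helper name and the 192.0.2.x addresses are constructed, and it assumes the listen address is given in the master.cf service field (`IP:submission`).

```shell
#!/bin/sh
# Added illustration, not from the original post. Addresses are constructed
# (RFC 5737 documentation range); the certificate path is the one in the post.
LISTEN_IPS="192.0.2.10 192.0.2.11 192.0.2.12"
CUSTOM_IP="192.0.2.11"
CUSTOM_CERT="/etc/pki/postfix.pem"

# gen_submission_services "<ip list>" <custom ip> <cert file>
# (hypothetical helper name) Prints one master.cf submission service per
# address; only the custom address gets the -o TLS overrides.
gen_submission_services() {
    gss_ips=$1 gss_custom=$2 gss_cert=$3

    # Refuse to generate anything if the override address is not in the list:
    # otherwise the custom certificate would silently never be served.
    gss_found=no
    for gss_ip in $gss_ips; do
        if [ "$gss_ip" = "$gss_custom" ]; then gss_found=yes; fi
    done
    if [ "$gss_found" != yes ]; then
        echo "error: $gss_custom is not in the listen list" >&2
        return 1
    fi

    for gss_ip in $gss_ips; do
        # Assumption: the listen address goes in the master.cf service field.
        printf '%s:submission inet n - n - - smtpd\n' "$gss_ip"
        if [ "$gss_ip" = "$gss_custom" ]; then
            # Continuation lines in master.cf start with whitespace.
            printf '  -o smtpd_tls_cert_file=%s\n' "$gss_cert"
            printf '  -o smtpd_enforce_tls=yes\n'
        fi
    done
}

gen_submission_services "$LISTEN_IPS" "$CUSTOM_IP" "$CUSTOM_CERT"
```

The generated entries replace the single wildcard submission line in master.cf, so that only one listener claims each address and port.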