> On Jul 26, 2017, at 10:28 AM, Tom Browder <[email protected]> wrote:
>
> Now my question: is there any future benefit to having tls certs for a host
> name of "smtp.domain.tld" for each "domain.tld" when all domains will have
> the same mail server?

No, for inbound mail a single MX hostname shared across all hosted
domains and an associated shared name in the certificate is best.

If you're also doing port 587 submission, and/or IMAP, then it sometimes
makes more sense to have per-domain certificates. I've still not had
the time to implement support for server-side SNI in Postfix, so multiple
certificates for submission are not well supported in Postfix.

I don't quite understand how service providers go about obtaining
legitimate certificates for client domains they don't control.

If all the domains are yours, a single shared name for the submission
service is again simpler.

--
Viktor.