Use a Let's Encrypt certificate for TLS on port 25, so that remote servers can verify it,

and tls-require verify auth on port 587, where a self-signed certificate (here, one issued by your own CA) is permitted.

You will need to use different hostnames.

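# Two listener identities. Each name is used both as the listener's hostname
# and as the pki name that selects its certificate and key.
# hostmx:  public MX name, shown to remote mail servers on port 25.
# hostsub: submission name, shown to your own mail clients on port 587.
hostmx = mx.example.com
hostsub = mail.example.com

# Publicly trusted (Let's Encrypt) chain and key for the MX name, so remote
# servers that validate certificates can do so against a well-known CA.
# Keep the key file readable by root only.
pki $hostmx cert "/etc/ssl/letsencrypt-mx.example.com_Fullchain.pem"
pki $hostmx key "/etc/ssl/letsencrypt-mx.example.com_Key.pem"

# Chain and key issued by a private CA for the submission name. Clients only
# get protection against interception if they trust that CA (or pin this
# certificate); a client told to accept any certificate does not.
pki $hostsub cert "/etc/ssl/myca-mail.example.com_Fullchain.pem"
pki $hostsub key "/etc/ssl/myca-mail.example.com_Key.pem"

# NOTE(review): $v4adr is not defined in this excerpt; it has to be set
# earlier in smtpd.conf.
# Port 25: "tls" offers STARTTLS but does not require it, so remote servers
# that cannot do TLS are still able to deliver.
listen on $v4adr port 25 tls \
        hostname $hostmx pki $hostmx

# Port 587: "tls-require" refuses sessions that have not negotiated TLS, and
# "auth" only lets a client start a mail transaction after it has
# authenticated, so credentials are never sent in clear text.
# The original listener ended in a dangling line continuation with no "auth",
# although the accompanying text asks for it.
# NOTE(review): the text also says "tls-require verify"; "verify" additionally
# demands a valid client certificate and is not enabled here - confirm which
# is intended. Relaying is still decided by the match rules, which are not
# part of this excerpt.
listen on $v4adr port 587 tls-require \
        hostname $hostsub pki $hostsub \
        auth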

