> > > > I have two IP addresses on my server and would like to serve a
> > > > different SSL (TLS) certificate for each one. I think all the other
> > > > configuration will not need to differ between the two, so I think
> > > > running multiple instances of postfix would be overkill (?).
> > > >
> > > > I want to confirm that it would be possible/viable/advisable to simply
> > > > create two smtpd processes in master.cf:
> > > >
> > > > 1.2.3.4:smtp inet n - n - - smtpd
> > > >   -o myhostname=mail.domainA.com
> > > >   -o mydomain=domainA.com
> > > >   -o smtpd_tls_cert_file=/etc/postfix/domainA.crt
> > > >   -o smtpd_tls_key_file=/etc/postfix/domainA.key
> > > >
> > > > 4.3.2.1:smtp inet n - n - - smtpd
> > > >   -o myhostname=mail.domainB.com
> > > >   -o mydomain=domainB.com
> > > >   -o smtpd_tls_cert_file=/etc/postfix/domainB.crt
> > > >   -o smtpd_tls_key_file=/etc/postfix/domainB.key
> > >
> > > The rest of Postfix needs to know where it should deliver mail for
> > > mail.domainB.com, domainB.com, mail.domainA.com, and domainA.com.
> >
> > Oh, perhaps I didn't make it clear that I have a whole bunch of other
> > configuration in main.cf, which includes MySQL lookups for transport_maps
> > and virtual_mailbox_maps. On a single IP address with one TLS certificate,
> > it routes/accepts mail for domainA and domainB as needed. My assumption
> > above is that as long as I don't override all the settings that make my
> > mail delivery work with one IP/TLS certificate, I can just change what TLS
> > certificate is offered up for each of my IP addresses.
> >
> > > Otherwise, the Postfix SMTP server will reject mail with "relay
> > > access denied", and the Postfix SMTP client will reject mail with
> > > that "mail loops back to myself".
> >
> > Does my clarification above change your opinion about this? Why wouldn't
> > mail for domainA and domainB be treated the same as before (when using
> > just one IP/TLS cert) if I don't override any other settings?
>
> I do not support configurations with multiple myhostname/mydomain
> settings (or multiple settings for any domain-like parameter that
> determines how Postfix handles email).

That's certainly fair. I can accept that I am stepping outside the use model
with this and that maybe the sure bet would be to run multiple instances. I
will, however, endeavor to test my idea and report back for others' edification
if it works or not.

Thank you, Wietse.

> > > Note that the Postfix SMTP server does not make all decisions by
> > > itself. It relies on the trivial-rewrite service to decide how
> > > a domain should be handled.
> > >
> > > There is no official support for multiple domain personalities.
> >
> > Right, I understand this is not as much a "domain personality" as it is a
> > per-IP change.
> >
> > Thanks so very, very much.
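
The following check is an added example, not part of the thread and not Postfix code: it parses master.cf entries and reports which listeners override the domain-like parameters the reply above declines to support. The function names, the wider parameter set beyond myhostname/mydomain, and the TLS-only second listener in the sample are assumptions of this example.

```python
# Handles the plain "-o name=value" override form only.
# myhostname/mydomain are named in the thread; the other (real) Postfix
# parameters in this set are this example's assumption of "domain-like".
DOMAIN_PARAMS = {"myhostname", "mydomain", "myorigin", "mydestination",
                 "relay_domains", "virtual_alias_domains",
                 "virtual_mailbox_domains"}

# Constructed sample: first listener as proposed in the thread, second
# listener a constructed variant that overrides only the TLS files.
SAMPLE = """\
1.2.3.4:smtp inet n - n - - smtpd
  -o myhostname=mail.domainA.com
  -o mydomain=domainA.com
  -o smtpd_tls_cert_file=/etc/postfix/domainA.crt
  -o smtpd_tls_key_file=/etc/postfix/domainA.key
4.3.2.1:smtp inet n - n - - smtpd
  -o smtpd_tls_cert_file=/etc/postfix/domainB.crt
  -o smtpd_tls_key_file=/etc/postfix/domainB.key
"""

def parse_master_cf(text):
    """Return {"service/type": {param: value}} of -o overrides per entry."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip() # continuation of previous entry
        else:
            logical.append(line.strip())
    services = {}
    for entry in logical:
        fields = entry.split()
        if len(fields) < 8:
            continue                          # not a complete service entry
        args, overrides = fields[8:], {}
        for flag, arg in zip(args, args[1:]):
            if flag == "-o" and "=" in arg:
                name, value = arg.split("=", 1)
                overrides[name] = value
        services[f"{fields[0]}/{fields[1]}"] = overrides
    return services

def domain_overrides(text):
    """Map each service to the domain-like parameters it overrides."""
    hits = {svc: sorted(set(ov) & DOMAIN_PARAMS)
            for svc, ov in parse_master_cf(text).items()}
    return {svc: names for svc, names in hits.items() if names}
```

Calling `domain_overrides(SAMPLE)` reports only the first listener, since the second changes nothing but the certificate and key paths.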