> > However, I just realized that I actually might not need to change
> > the domain. The -o overrides I need may only be the smtpd_tls_*
> > settings. I was just concerned about name mismatches with the
> > certificate, but whatever postfix thinks is the domain shouldn't
> > affect the client's matching the domain name in the certificate
> > itself to the domain it used to connect. Therefore, perhaps this
> > proposal would NOT be outside the scope of what you find acceptable?
> >
> > 1.2.3.4:smtp inet n - n - - smtpd
> > -o smtpd_tls_cert_file=/etc/postfix/domainA.crt
> > -o smtpd_tls_key_file=/etc/postfix/domainA.key
> >
> > 4.3.2.1:smtp inet n - n - - smtpd
> > -o smtpd_tls_cert_file=/etc/postfix/domainB.crt
> > -o smtpd_tls_key_file=/etc/postfix/domainB.key
Just wanted to confirm with the list that this does in fact work... and work
beautifully. :-) It also works for smtps and submission services as well.
Very cool.
> Wietse:
> > I see no multiple settings for the same host/domain parameters here.
>
> Right, I was hoping this was more acceptable for "official" use.
>
> Wietse:
> > Postfix also needs to know that it is final destination for [1.2.3.4],
> > [4.3.2.1] and for all the corresponding domain names, otherwise mail
> > for those destinations will loop.
> >
> > You need to list 1.2.3.4 and 4.3.2.1 in main.cf:proxy_interfaces
> > if those addresses don't already match main.cf:inet_interfaces,
> > and you need to list all the corresponding host/domain names in
> > mydestination, if those host/domain names aren't already listed in
> > virtual_{alias,mailbox}_maps.
>
> Right. I already have all those things set up, as it works fine listening on
> the machine with the single TLS certificate for all interfaces and domains.
> Seems like this will work, then.
>
> Thanks VERY VERY much for your patience, support and the great wonderful
> software and hard work you give to the world!!!!!
