> On Jul 26, 2017, at 10:28 AM, Tom Browder <tom.brow...@gmail.com> wrote:
>
> Now my question: is there any future benefit to having tls certs for a host
> name of "smtp.domain.tld" for each "domain.tld" when all domains will have
> the same mail server?

No, for inbound mail a single MX hostname shared across all hosted domains and an associated shared name in the certificate is best.

If you're also doing port 587 submission, and/or imap then it sometimes makes more sense to have per-domain certificates. I've still not had the time to implement support for server-side SNI in Postfix, so multiple certificates for submission are not well supported in Postfix.

I don't quite understand how service providers go about obtaining legitimate certificates for client domains they don't control. If all the domains are yours, a single shared name for the submission service is again simpler.

--
Viktor.