Re: Multiple ssl certs for virtual domain server

Wed, 27 May 2020 13:02:07 -0700 

Thank's a lot.

Il 27/05/2020 21:45, Viktor Dukhovni ha scritto:

On Wed, May 27, 2020 at 09:20:10PM +0200, Matteo Cazzador wrote:


Hi everybody i've another question about postifx virtual domain server
and multiple ssl certs.

My virtual postfix server has one public ip.

My postfix version is  3.4.10 (on virtualmin setup)

Is it possible to configure postfix to manage multiple ssl certs for
ssl/tls with only one public ip address?

Yes, as of Postfix 3.4, however, just because it is possible, does not
make it a good idea.  If *at all* possible, at least for port 25, use a
MX indirection rather than virtual hosting:

     example.org. IN MX 0 smtp.example.org.
     example.net. IN MX 0 smtp.example.org.
     example.edu. IN MX 0 smtp.example.org.
     smtp.example.org. IN A 192.0.2.1

rather than:

     example.org. IN MX 0 smtp.example.org.
     example.net. IN MX 0 smtp.example.net.
     example.edu. IN MX 0 smtp.example.edu.
     smtp.example.org. IN A 192.0.2.1
     smtp.example.net. IN A 192.0.2.1
     smtp.example.edu. IN A 192.0.2.1


Something like

smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem

butr every virtual domain with his own ssl certs?

      
https://urlsand.esvalabs.com/?u=http%3A%2F%2Fwww.postfix.org%2Fpostconf.5.html%23tls_server_sni_maps&e=9aacaa7d&h=6f763e90&f=y&p=y

So, yes possible, but avoid at all costs.  Only necessary o port 587 for
submission if you must support mail clients that have per-domain SMTP
server settings and the hosting of the submisison service moves around
from time to time.


--
Rispetta l'ambiente: se non ti è necessario, non stampare questa mail.

Le informazioni contenute in questa e-mail e nei files eventualmente allegati 
sono destinate unicamente ai destinatari della stessa e
sono da considerarsi strettamente riservate. E' proibito copiare, salvare, 
utilizzare,  inoltrare a terzi e diffondere il contenuto della presente
senza il preventivo consenso, ai sensi dell'articolo 616 c.p. e della Legge n. 
196/2003. Se avete ricevuto questo messaggio per errore siete
pregati di comunicarlo immediatamente all'indirizzo mittente, nonché di 
cancellarne il contenuto senza procedere ad ulteriore o differente trattamento.


******************************************
Ing. Matteo Cazzador
NetLite snc di Cazzador Gagliardi
Corso Vittorio Emanuele II, 188 37069
Villafranca di Verona VR
Tel 0454856656
Fax 0454856655
Email: mat...@netlite.it
Web: http://www.netlite.it
******************************************

Reply via email to