There were some discussions in 2015 and more recently about SNI support.
For IMAP/POP, dovecot (which allows SNI support) has a configuration like this
in our setup:
local_name imap.example.org { ssl_cert = http://postfix.1071664.n5.nabble.com/postfix-and-multiple-TLS-certificates-td80968.html
Amazing! Thanks!
I’d request considering allowing the SNI to be enabled per port. While using it
in production we found a very small number (<1%) of mail servers sending to our
server didn’t like SNI- likely ancient mail servers. That said, we didn’t find
any clients (outlook, phones, etc) tha
nuary 25, 2018, 9:43 PM, Viktor Dukhovni
wrote:
> On Jan 25, 2018, at 9:30 PM, MK wrote:
>
> I’d request considering allowing the SNI to be enabled per port.
Each port gets its own entry in master.cf, so you will certainly
be able to enable or disable SNI support for a given TCP endp
Was seeing similar behaviour under high tcp load in other applications
(unrelated to postfix).
It’s possible you’re running into this bug. Try to Set vmxnet3.rev.30=FALSE
under the VMs properties and reboot
More info here:191201 – Randomly freezes due to VMXNET3
|
| |
191201 – Randomly
Hi Viktor,
Is this on the roadmap for 3.4 or for a long-term roadmap?Just curious.Thanks
for all the amazing work on Postfix.
-M
From: Viktor Dukhovni
To: Postfix users
Sent: Thursday, January 25, 2018 10:23 PM
Subject: Re: SMTP SNI Support
> On Jan 25, 2018, at 10:06 PM,
The documentation on this is very convoluted, but through trial and error and
reviewing code, I did figure it out.
- main.cf -# provide the primary certificate for the server, to be used
for outgoing connectionssmtpd_tls_chain_files =
/etc/letsencrypt/live/servername.serverdom.com/privk
My current setup is this: * Mail is received by postscreen (which filters RBLs
and basic checks) * Passed to smtpd * applies content_filter which passes the
mail to amavis-new port 10024 * Amavis-new passes the mail back on 10025 *
LOCAL mail is sent to the virtual_transport (dovecot LMTP)
