Different certs on different interfaces


Luciano Mannucci

I have a running postfix 2.11.10 that binds to several interfaces, on
some of which I wish to enable TLS. I have a different certificate
for each interface; is that supported or do I have to run two different
postfixes?

Thanks to everybody,

Luciano.
--
 /"\                         /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL    /  E-MAIL: [hidden email]
 / \  AND POSTINGS        /   WWW: http://www.lesassaie.IT/

Re: Different certs on different interfaces

Viktor Dukhovni

> On Sep 12, 2017, at 10:35 AM, Luciano Mannucci <[hidden email]> wrote:
>
> I have a running postfix 2.11.10 that binds to several interfaces, on
> some of which I wish to enable TLS. I have a different certificate
> for each interface; is that supported or do I have to run two different
> postfixes?

http://www.postfix.org/master.5.html
http://www.postfix.org/smtpd.8.html
http://www.postfix.org/postconf.5.html#smtpd_tls_cert_file
http://www.postfix.org/postconf.5.html#smtpd_tls_key_file

From master(5):

       Command name + arguments

              The command to be executed.  Characters that are special to  the
              shell  such  as  ">"  or  "|"  have no special meaning here, and
              quotes cannot be used to  protect  arguments  containing  white-
              space.  To  protect  whitespace,  use  "{"  and "}" as described
              below.

              The command name is relative to  the  Postfix  daemon  directory
              (pathname  is  controlled  by the daemon_directory configuration
              variable).

              The command argument syntax for specific commands  is  specified
              in the respective daemon manual page.

              The  following command-line options have the same effect for all
              daemon programs:

             
              -D     Run the daemon under control  by  the  command  specified
                     with the debugger_command variable in the main.cf config-
                     uration file.  See DEBUG_README for hints and tips.

              -o { name = value } (long form, Postfix >= 3.0)

              -o name=value (short form)
                     Override the named main.cf configuration  parameter.  The
                     parameter  value  can  refer to other parameters as $name
                     etc., just like in main.cf.  See postconf(5) for  syntax.

                     NOTE  1:  With  the  "long  form" shown above, whitespace
                     after "{", around "=", and before  "}"  is  ignored,  and
                     whitespace within the parameter value is preserved.

                     NOTE 2: with the "short form" shown above, do not specify
                     whitespace around the "="  or  in  parameter  values.  To
                     specify  a  parameter value that contains whitespace, use
                     the long form described above, or use commas  instead  of
                     spaces, or specify the value in main.cf. Example:

                     /etc/postfix/master.cf:
                         submission inet .... smtpd
                             -o smtpd_xxx_yyy=$submission_xxx_yyy

                     /etc/postfix/main.cf

                         submission_xxx_yyy = text with whitespace...

                     NOTE 3: Over-zealous use of parameter overrides makes the
                     Postfix configuration hard to  understand  and  maintain.
                     At  a certain point, it might be easier to configure mul-
                     tiple instances of Postfix, instead of configuring multi-
                     ple personalities via master.cf.

--
        Viktor.
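
A master.cf layout that applies the "-o name=value" override quoted above to the question asked, added here as an illustration and not taken from either message. The addresses (documentation ranges), the file paths and the syslog_name values are constructed placeholders; the short form of -o is used because the long form requires Postfix >= 3.0 and the question concerns 2.11.

```conf
# /etc/postfix/master.cf (constructed example; addresses and paths are placeholders)
# service            type  private unpriv chroot wakeup maxproc command + args
#
# Assumption: these per-address entries replace the stock wildcard
# "smtp inet ... smtpd" entry, so that no two services try to bind the
# same address and port.

# Interface A: STARTTLS offered, certificate A
192.0.2.10:smtp      inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/mx-a
    -o smtpd_tls_security_level=may
    -o smtpd_tls_cert_file=/etc/postfix/tls/mx-a.example.pem
    -o smtpd_tls_key_file=/etc/postfix/tls/mx-a.example.key

# Interface B: STARTTLS offered, certificate B
192.0.2.20:smtp      inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/mx-b
    -o smtpd_tls_security_level=may
    -o smtpd_tls_cert_file=/etc/postfix/tls/mx-b.example.pem
    -o smtpd_tls_key_file=/etc/postfix/tls/mx-b.example.key

# Interface C: TLS disabled, no certificate needed
198.51.100.5:smtp    inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/mx-c
    -o smtpd_tls_security_level=none
```

After "postfix reload", "openssl s_client -starttls smtp -connect 192.0.2.10:25" run against each address shows which certificate that listener actually presents.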