"map names received from remote SMTP clients via the TLS Server Name Indication (SNI) extension to the appropriate keys and certificate chains. This parameter is implemented in the Postfix TLS library, and applies to both smtpd(8) and the SMTP server mode of tlsproxy(8)."
> but, again, haven't figured out where/how to provide the per-transport
> cert/key mappings.
You keep saying "per-transport", but you clearly mean per-destination.
But in fact, per-transport is what's possible, and you can choose an
appropriate transport for each destination, via the transport(5) table.