Postfix & SNI (Server Name Identification)

Dear List,

I am trying to put together a virtual e-mail server with dovecot and postfix for 4 domains. I am using letsencrypt for keys. So far I am unable to get it to work. The version of postfix is 3.5.8 and servername identification is supposed to work for that version. Has anyone put this kind of configuration in Rocky Linux yet?

Does “tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map” work for Rocky Linux?

Greg Ennis

This may be better off on postfix-users. You will probably find it preferable to have a single certificate with multiple Subject Alternative Names.

Actually you may be better not to use multiple names at all on an SMTP server.

The way I see it the domain maps seem to only relate to the certificate. Unfortunately that is only solving part of the issue. Some SMTP servers will reject the connection if the helo/ehlo doesn’t match the domain. I haven’t seen any article which addresses this. So unless the helo/ehlo can also dynamically be changed when configuring SNI, it isn’t worth bothering with as there will be far more delivery problems when these do not match. PTR or revdns must also match the IP as well as the helo/ehlo. Not also including what happens with reputation if one domain spams from that server and the effects on the other domains being served by that same server.
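
The HELO/PTR consistency raised in the last reply can be checked before choosing per-domain names. The following is an added example, not part of the thread or of Postfix: `check_identity` and its helpers are hypothetical names, and the address and host names are constructed sample data on reserved documentation ranges.

```python
import socket

def ptr_names(ip):
    """Live PTR lookup; returns [] when the address has no reverse record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def addresses(name):
    """Live forward lookup; returns [] when the name does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_identity(ip, helo, ptr_lookup=ptr_names, addr_lookup=addresses):
    """Return a list of mismatches between an IP, its PTR and a HELO name."""
    problems = []
    ptrs = [norm(p) for p in ptr_lookup(ip)]
    if not ptrs:
        problems.append("no PTR record")
    elif not any(ip in addr_lookup(p) for p in ptrs):
        problems.append("PTR name does not resolve back to the IP")
    helo = norm(helo)
    if ptrs and helo not in ptrs:
        problems.append("HELO name differs from PTR name")
    if ip not in addr_lookup(helo):
        problems.append("HELO name does not resolve to the IP")
    return problems

# Constructed sample data: one IP, one PTR, two domains pointing at it.
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.25"], "mail.example.org": ["192.0.2.25"]}

def sample_check(helo, ip="192.0.2.25"):
    """Run the check offline against the constructed records above."""
    return check_identity(ip, helo,
                          ptr_lookup=lambda i: SAMPLE_PTR.get(i, []),
                          addr_lookup=lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for name in ("mail.example.com", "mail.example.org", "mail.example.net"):
        print(name, sample_check(name) or "consistent")
```

Calling `check_identity(ip, helo)` without the lookup arguments performs live DNS queries through the system resolver.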