
Re: Another weird cert question
\ Rob Wynne (29 May 2007)

Subject: Re: Another weird cert question
Group: Postfix-users
From: Rob Wynne
Date: 29 May 2007


 
On Wed, 2007-04-18 at 15:26 -0400, Victor Duchovni wrote:
> On Wed, Apr 18, 2007 at 02:42:57PM -0400, Rob Wynne wrote:
>
> > Thanks to everyone who helped out with information about the right cert
> > to buy. Everything on that front is up and running.
> >
> > Here's a weird one posed to me by my boss, and so far I haven't found a
> > good solution.
> >
> > We do mail service for multiple ISPs. Currently, one of two things will
> > have to occur when their customers use the authenticated smtp server:
> >
> > 1) They'll need to use the server name exactly as we certified it
>
> Yes.
>
> > or
> >
> > 2) They can use an address inside their ISP's domain name, and get an
> > error when they first connect complaining about the name/cert mismatch.
>
> Yes.
>
> > For some of our customers, neither of these are a good solution.
> > They're going to want their domain name to work without a warning. The
> > obvious way to do this is to have a separate cert for each ISP, bound to
> > a different IP address on the server.
>
> Yes.
>
> > So far, all the documentation I've found on running multiple instances
> > of Postfix involve completely duplicating all parts of the mail server
> > -- configs, queues, etc. Is there any easily useful way to bind
> > multiple certs to separate ips for the purpose of providing transparent
> > TLS to multiple domains?
>
> You don't absolutely need separate instances of Postfix, just multiple
> smtpd entries in master.cf will do, but assigning correct process limits
> may be difficult. With Postfix prior to 2.4.0 or platforms that don't
> support kqueue/epoll/devpoll the tlsmgr(8) process is typically limited
> to 1024 file descriptors, and you need to ensure that the total number
> of smtpd processes in a single Postfix instance does not rise above 1024.
>

Can you point me to any documentation on running multiple smtpd entries?

Thanks!
rob
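
Added example, not part of the messages above or of Postfix itself: a constructed master.cf with one IP-bound smtpd entry per ISP certificate, plus a small check that sums the smtpd process limits against the 1024 figure Victor quotes and lists listeners that would still present the main.cf certificate. The addresses, file paths and the default_process_limit of 100 (the Postfix default, assumed not overridden in main.cf) are assumptions.

```python
# Added example: constructed master.cf, not taken from the thread.
# 192.0.2.0/24 is the documentation range; file paths are placeholders.
MASTER_CF = """\
# service        type private unpriv chroot wakeup maxproc command
192.0.2.10:smtp  inet n       -      n      -      300     smtpd
  -o smtpd_tls_cert_file=/etc/postfix/tls/isp-a.pem
  -o smtpd_tls_key_file=/etc/postfix/tls/isp-a.key
192.0.2.11:smtp  inet n       -      n      -      300     smtpd
  -o smtpd_tls_cert_file=/etc/postfix/tls/isp-b.pem
  -o smtpd_tls_key_file=/etc/postfix/tls/isp-b.key
192.0.2.12:smtp  inet n       -      n      -      -       smtpd
tlsmgr           unix -       -      n      1000?  1       tlsmgr
"""
TLSMGR_FD_LIMIT = 1024  # ceiling quoted in the thread

def parse_master_cf(text):
    """Join continuation lines; return one dict per service entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continuation line
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        f = line.split()
        opts = dict(a.split("=", 1) for a in f[8:] if "=" in a)
        entries.append({"service": f[0], "maxproc": f[6],
                        "command": f[7], "opts": opts})
    return entries

def audit(text, default_process_limit=100):
    """Return (summed smtpd maxproc, listeners without their own cert)."""
    total, no_cert = 0, []
    for e in parse_master_cf(text):
        if e["command"] != "smtpd":
            continue
        n = default_process_limit if e["maxproc"] == "-" else int(e["maxproc"])
        total += float("inf") if n == 0 else n  # maxproc 0 means no limit
        if "smtpd_tls_cert_file" not in e["opts"]:
            no_cert.append(e["service"])
    return total, no_cert

if __name__ == "__main__":
    total, no_cert = audit(MASTER_CF)
    print("smtpd processes:", total, "within limit:", total <= TLSMGR_FD_LIMIT)
    print("listeners using the main.cf certificate:", no_cert)
```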


