Postfix and multiple SSL certificates

If you ever wanted to use your Postfix with multiple SSL certificates for different domains, here is how.

List of requirements

  • separate IP for each SSL certificate
  • different domains you will use for your mail (say, and
  • separate SSL certificate for each domain

The change will involve:

  • modifying /etc/postfix/
  • modifying /etc/postfix/

Modifying /etc/postfix/

Comment out smtpd_tls_key_file and smtpd_tls_cert_file directives. smtpd_tls_CAfile can stay, if the certificates you’re using are from the same SSL vendor.

Modifying /etc/postfix/

Where you previously had Postfix master listening on all interfaces (for smtp/25, smtps/465, submission/587), and thus, using one SSL certificate (the one defined in /etc/postfix/

You should now modify it to use different IP addresses and different SSL certificates – for example, for and

That’s it! Restart Postfix, and you should be done.

For information on how to set up Cyrus to use multiple certificates, see this article.