If you ever wanted to use your Postfix with multiple SSL certificates for different domains, here is how.
List of requirements
- separate IP for each SSL certificate
- different domains you will use for your mail (say, example.com and example2.com)
- separate SSL certificate for each domain
The change will involve:
- modifying /etc/postfix/main.cf
- modifying /etc/postfix/master.cf
Comment out smtpd_tls_key_file and smtpd_tls_cert_file directives. smtpd_tls_CAfile can stay, if the certificates you’re using are from the same SSL vendor.
Where you previously had Postfix master listening on all interfaces (for smtp/25, smtps/465, submission/587), and thus, using one SSL certificate (the one defined in /etc/postfix/main.cf):
You should now modify it to use different IP addresses and different SSL certificates – for example, for mail.example.com and mail.example2.com:
That’s it! Restart Postfix, and you should be done.
For information on how to set up Cyrus to use multiple certificates, see this article.