N.C.A.J. Berg via Postfix-users:
> Hello people,
>
> I have Postfix running on a small server with 6 domains pointing to it.
> Only one global ip address
>
> OS: Debian GNU/Linux 12 (bookworm)
> Postfix: Postfix version 3.7.11
> Certificates from Let's Encrypt
>
> I have made a nice "/etc/postfix/domain_ssl.map" With "postmap -F
> hash:/etc/postfix/domain_ssl.map" made a .db file from it.
> In main.cf "tls_server_sni_maps = hash:/etc/postfix/domain_ssl.map"
>
> That's it.
>
>
> Problem: When I do "openssl s_client -connect localhost:587 -servername
> mail.example.nl -starttls smtp" *I get the certificate from the default
> domain and not from mail.example.nl.*
>
> In postfix.log i have the following reaction: "TLS SNI mail.example.nl
> from localhost[127.0.0.1] not matched, using default chain".
Try: "postmap -s hash:/etc/postfix/domain_ssl.map" and see what
lookup keys it will match. Keys that start with '.' will match
subdomains of that suffix.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
