Multiple SSL Virtual Hosts 6.0
For HTTP, POP3, and IMAP, please see the SSL certificates per domain guide.
postfix (SMTP)
For postfix we use a .in master file that you can edit and have the changes stick: just edit /opt/zimbra/postfix/conf/master.cf.in (after backing it up of course!). Instead of letting postfix bind to the port globally, you configure it to bind to a specific address and override the global certificate with a specific one:
Before:
smtp inet n - n - - smtpd submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%% -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
After:
# domain1 instance 1.1.1.1:smtp inet n - n - - smtpd -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key 1.1.1.1:submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%% -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%% -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key # domain2 instance 1.1.1.2:smtp inet n - n - - smtpd -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key 1.1.1.2:submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%% -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%% -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key
(If you want to enable 465 (smtps), it's a clone of submission with -o smtpd_tls_wrappermode=yes)
Keywords: ssl, virtual hosts
Version: Release 6.0.5_GA_2213.RHEL5_64_20100203001950 CentOS5_64 FOSS edition.