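How to configure certificates for multiple domains in Postfix

Published 2024-08-23 15:35:11

For a website to send mail through the SMTP service (its mail-sending API), Postfix must serve SSL certificates for more than one hostname; otherwise sending fails.
The error looks like this: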

SMTP Error: Could not connect to SMTP host. Connection failed. stream_socket_enable_crypto(): Peer certificate CN=`m.cwbio.com.cn' did not match expected CN=`smtp.cwbio.com.cn'

Reference documentation

The steps below use m.cwbio.com.cn and smtp.cwbio.com.cn as the example hostnames.

1. Edit the file /etc/postfix/main.cf

#
# TLS settings.
#
# SSL key, certificate, CA
#
#smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
#smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CApath = /etc/ssl/certs

# provide the default key and certificate for the server, presented when the
# client sends no SNI name or the name has no entry in the SNI map
smtpd_tls_chain_files =
 /etc/ssl/private/iRedMail.key,
 /etc/ssl/certs/iRedMail.crt

# provide the map to be used when SNI support is enabled
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map

2. Create the file /etc/postfix/vmail_ssl.map. Note that the corresponding SSL key and certificate files must be placed at the paths it references.

# Compile with postmap -F hash:/etc/postfix/vmail_ssl.map when updating
# One host per line
m.cwbio.com.cn /etc/ssl/private/iRedMail.key /etc/ssl/certs/iRedMail.crt
smtp.cwbio.com.cn /etc/ssl/smtp.cwbio.com.cn.key /etc/ssl/smtp.cwbio.com.cn.pem
# add more domains with keys and certs as needed

3. Note: if a certificate is updated, you may need to re-run this command to rebuild the hash map

# postmap -F hash:/etc/postfix/vmail_ssl.map

4. Test the certificate served for each name from the command line

# openssl s_client -connect smtp.cwbio.com.cn:587 -servername smtp.cwbio.com.cn -starttls smtp
# openssl s_client -connect m.cwbio.com.cn:587 -servername m.cwbio.com.cn -starttls smtp

5. If the change has not taken effect, you can run the command:

# systemctl restart postfix
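
The check from step 4 can be automated. The following is an added example, not part of the original post: it parses the map source from step 2 and performs STARTTLS against each listed name with full chain and hostname verification, which is the same check the failing client applied. It assumes port 587 as in step 4 and that the checking machine trusts the issuing CA; SAMPLE_MAP is constructed from the entries on this page, and the function names are hypothetical.

```python
import smtplib
import ssl

# Constructed sample: the two map entries used on this page.
SAMPLE_MAP = """\
# One host per line
m.cwbio.com.cn /etc/ssl/private/iRedMail.key /etc/ssl/certs/iRedMail.crt
smtp.cwbio.com.cn /etc/ssl/smtp.cwbio.com.cn.key
    /etc/ssl/smtp.cwbio.com.cn.pem
"""

def parse_sni_map(text):
    """Return {hostname: [PEM files]} from Postfix SNI map source text."""
    entries, last = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():  # leading whitespace continues the previous entry
            if last is None:
                raise ValueError(f"line {lineno}: continuation without an entry")
            entries[last].extend(raw.split())
            continue
        last, *files = raw.split()
        last = last.lower()
        if last in entries:
            raise ValueError(f"line {lineno}: duplicate entry for {last}")
        entries[last] = files
    for host, files in entries.items():
        if not files:
            raise ValueError(f"{host}: no key/certificate file listed")
    return entries

def check_starttls_cert(host, port=587, timeout=10):
    """STARTTLS with SNI=host; verify chain and hostname like a strict client."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)  # smtplib sends `host` as the SNI name
            sans = smtp.sock.getpeercert().get("subjectAltName", ())
            return True, ", ".join(v for k, v in sans if k == "DNS")
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except (OSError, smtplib.SMTPException) as exc:
        return False, f"connection problem: {exc}"

if __name__ == "__main__":
    for name in parse_sni_map(SAMPLE_MAP):
        ok, detail = check_starttls_cert(name)
        print(f"{name}: {'OK' if ok else 'FAIL'} ({detail})")
```

A FAIL line with a hostname mismatch message means the server still presents the default certificate for that name, so the map needs to be rebuilt with postmap -F or Postfix restarted.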