Re: [exim] SNI and DANE TLSA record monitoring

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Viktor Dukhovni
Date:  
À: exim users
Sujet: Re: [exim] SNI and DANE TLSA record monitoring

> On Oct 19, 2016, at 1:26 PM, Felipe Gasper <felipe@???> wrote:
>
> Our reason went like this: many email clients will assume that “bob@???” uses either “foo.org” or “mail.foo.org” as a mail server.
>
> When the only way to have working SSL is for the client to know about “shared49.somehost.where-is-this.com”, the client and server have to be smart enough to do autoconfig, or the user has to type that in manually. This makes for a worse user experience and increases support requests.


It seems you're describing a port 587 requirement. I have some
sympathy for those. RFC 6186 was supposed to handle that, but
never got any traction. If/as DNSSEC becomes more pervasive,
perhaps that will evolve. I the mean-time, I do understand the
pressure to accomodate those pesky port 587 users. There are,
FWIW rather large providers for whom a shared mail server
name is working well...

-- 
    Viktor.