Re: [exim] SNI and DANE TLSA record monitoring

Author: Viktor Dukhovni
Date:  
To: exim users
Subject: Re: [exim] SNI and DANE TLSA record monitoring

> On Oct 19, 2016, at 2:02 PM, Felipe Gasper <felipe@???> wrote:
>
>> I am somewhat sympathetic to the desire for SNI on port 587, where
>> asking users to change settings is a bear, with port 25 SMTP, I've
>> yet to see a compelling reason for server-side SNI support. Do not
>> go there, unless your back's against the wall...
>
> I’m probably missing something here … how do you get STARTTLS clients to accept/request the correct hostname for TLS when there is only one TLS-secured FQDN?


That's what MX records are for:

    a.example. IN MX 0 example.net.
    b.example. IN MX 0 example.net.
    ...
    zzzzzzzzzzz.example. IN MX 0 example.net.


MTA-to-MTA TLS clients connect to the same shared MX host for all
the above recipient domains.

But we digress... Likely this is drifting too far from the
charter of this list.

-- 
    Viktor.
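
An added example, not part of the original message: a small parser for MX lines in the shape shown above that groups recipient domains by the shared MX host they route to, so an operator can list the hostnames a port 25 server needs a certificate for and the TLSA owner names worth monitoring. The `c.example.` / `backup.example.org.` record is constructed sample data, and the `_25._tcp.<MX host>` owner name is the SMTP DANE convention from RFC 7672, assumed here rather than stated in the message.

```python
from collections import defaultdict

# Constructed sample zone lines in the shape used in the message above.
SAMPLE_ZONE = """\
a.example. IN MX 0 example.net.
b.example. IN MX 0 example.net.
c.example. IN MX 10 backup.example.org.
zzzzzzzzzzz.example. IN MX 0 example.net.
"""

def parse_mx(zone_text):
    """Yield (recipient_domain, preference, mx_host) from 'owner IN MX pref host' lines."""
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[1].upper() != "IN" or fields[2].upper() != "MX":
            raise ValueError(f"line {lineno}: not an 'owner IN MX pref host' record")
        owner, _, _, pref, host = fields
        for name in (owner, host):
            if not name.endswith("."):
                # Without the trailing dot the name is relative to $ORIGIN.
                raise ValueError(f"line {lineno}: {name!r} is not fully qualified")
        yield owner.lower(), int(pref), host.lower()

def domains_by_mx_host(zone_text):
    """Map each MX host (the host MTA clients connect to) to the domains routed to it."""
    by_host = defaultdict(list)
    for owner, _pref, host in parse_mx(zone_text):
        by_host[host].append(owner)
    return dict(by_host)

def tlsa_owner(mx_host, port=25):
    """TLSA owner name for this MX host under the RFC 7672 convention (assumption)."""
    return f"_{port}._tcp.{mx_host}"

if __name__ == "__main__":
    for host, domains in domains_by_mx_host(SAMPLE_ZONE).items():
        print(f"{host} serves {len(domains)} domain(s); monitor {tlsa_owner(host)}")
```

With the sample data, three recipient domains collapse onto the single name `example.net.`, which is why no per-domain certificate selection is needed on the server side.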