I've been using Exim4 on my workstation for sometime .
I discover a problem in Exim4's handing of server certificates verification,
when the smtp smarthosts' hostnames are DNS aliases Exim4 always can't
pass verification and
log with something like "certificate/cert name mismatch".
It seems Exim never check the *alias* hostname with the certificate
Subject & SubjectAltName field,
it always check the *canonical* hostname.
For example for gmail: smtp.gmail.com -> gmail-smtp-msa.l.google.com:
smtp.gmail.com is in Subject & SubjectAltName field
Exim check only gmail-smtp-msa.l.google.com and
gmail-smtp-msa.l.google.com not in Subject & SubjectAltName field,
so it log with "certificate/cert name mismatch".
Exim should compare the *alias* hostname smtp.gmail.com