Re: [exim] tls_sni = $host for all outgoing connections

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MHeiko Schlittermann at <-
 
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] tls_sni = $host for all outgoing connections
> On Oct 12, 2019, at 7:56 AM, Heiko Schlittermann via Exim-users <exim-users@???> wrote:
>
> what harm can happen if we set tls_sni = $host for all outgoing
> smtp connections?
>
> Can't we make it defaulting to the remote host name?

It needs to match the TLSA base domain for DANE, which is occasionally,
as a result of CNAME expansion, different from the MX hostname.

Otherwise, so DANE still overrides that setting as needed, it should
be mostly harmless, see a related postfix-users thread:

http://postfix.1071664.n5.nabble.com/Respecting-MTA-STS-td103109.html 

-- 
    Viktor.



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Define preferred encryption algorithmsRe: [exim] Define preferred encryption algorithms->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)