> On Oct 12, 2019, at 7:56 AM, Heiko Schlittermann via Exim-users <exim-users@???> wrote:
>
> what harm can happen if we set tls_sni = $host for all outgoing
> smtp connections?
>
> Can't we make it defaulting to the remote host name?
It needs to match the TLSA base domain for DANE, which is occasionally,
as a result of CNAME expansion, different from the MX hostname.
Otherwise, so DANE still overrides that setting as needed, it should
be mostly harmless, see a related postfix-users thread:
http://postfix.1071664.n5.nabble.com/Respecting-MTA-STS-td103109.html
--
Viktor.
