Re: [exim] Problem with tls_certificate and multiple domains

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Problem with tls_certificate and multiple domains
Nospam2k via Exim-users <exim-users@???> (Wed 16 Oct 2019 19:25:05 CEST):
> Ok, so. In order to simplify. Let’s say I have several domains being hosted by a server called maindomain.com <http://maindomain.com/> providing dovecot/exim as the mail servers. I want to be able to use each domain name as the name of the mail server, ex. for host myhosteddomainone.com <http://mydomainone.com/> I want to use mail.hosteddomainone.com <http://mail.domainone.com/> for the mail server names and not maindomain.com <http://maindomain.com/> for the end user.


While understanding the idea behind it, I'd like to repeat myself: you're
asking for PITA - given the level of experience and familiarity with the
products and protocols you're going to use.

> When I use Mac Mail and try to create an account, I get a “Mail cannot verify the identity of the server” because the certificate is for maindomain.com <http://maindomain.com/> (I’m not sure why that is even being served as I’ve removed all instances of TLS from the exim.conf).


Probably because recent versions of Exim default to advertising TLS to all
hosts and generate a self-signed certificate on demand.

> So, how do I configure exim so mail can still be accessed via tls and an account can be created without any complaints about certificates from Apple Mail?


I'm quite sure that there are other means of informing the Apple Mail
client about the server names it has to use. (DNS (SRV?) records, a magic
provider database, …)

> NOTE: I’m assuming this is related to exim because if I set tls_certificate to point to a certificate for mail.hosteddomainone.com <http://mail.hosteddomainone.com/>, Apple Mail will create an account with no complaint.


Then -- you got the information you need. Start using it.
And you got the warnings :)

    Best regards from Dresden/Germany
    Many greetings from Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
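
Added example, not part of the message above or of the Exim project's own configuration: one way to serve a per-domain certificate from a single Exim instance is to expand `tls_certificate` on the SNI name the client sends. The paths, the map file name and its contents are assumptions; `mail.hosteddomainone.com` and `maindomain.com` are the names used in the thread.

```exim
# Main configuration section of the Exim runtime config.
#
# /etc/exim/sni-certs.map (constructed sample), one "servername: basename" per line:
#   mail.hosteddomainone.com: hosteddomainone.com
#   mail.hosteddomaintwo.com: hosteddomaintwo.com
#
# $tls_in_sni is unauthenticated client input received before any login.
# It is used only as a lookup key; the file name is built from the value
# stored in the map, so a hostile SNI string (for example one containing
# "../") can never become part of a path. Names not listed in the map,
# and clients that send no SNI at all, get the default certificate.

tls_advertise_hosts = *

tls_certificate = ${lookup{${lc:$tls_in_sni}}lsearch{/etc/exim/sni-certs.map}\
                    {/etc/exim/certs/$value.pem}\
                    {/etc/exim/certs/maindomain.com.pem}}

tls_privatekey  = ${lookup{${lc:$tls_in_sni}}lsearch{/etc/exim/sni-certs.map}\
                    {/etc/exim/certs/$value.key}\
                    {/etc/exim/certs/maindomain.com.key}}
```

This covers only the SMTP side handled by Exim; the IMAP service (Dovecot in the thread) presents its own certificate and is configured separately.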