Re: [exim] Problem with tls_certificate and multiple domains

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Cyborg
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Problem with tls_certificate and multiple domains
Am 16.10.19 um 19:25 schrieb Nospam2k via Exim-users:
> Ok, so. In order to simplify. Let’s say I have several domains being hosted by a server called maindomain.com <http://maindomain.com/> providing dovecot/exim as the mail servers. I want to be able to use each domain name as the name of the mail server, ex. for host myhosteddomainone.com <http://mydomainone.com/> I want to use mail.hosteddomainone.com <http://mail.domainone.com/> for the mail server names and not maindomain.com <http://maindomain.com/> for the end user.

You will never know what to provide, as the servername is part of the
initial greeting HELO. Your setup will fail every time, because it's too
late when you find out what to use. See below why .

> When I use Mac Mail and try to create an account, I get a “Mail cannot verify the identity of the server” because the certificate is for maindomain.com <http://maindomain.com/> (I’m not sure why that is even being served as I’ve removed all instances of TLS from the exim.conf).
>
> So, how do I configure exim so mail can still be accessed via tls and an account can be created without any complaints about certificates from Apple Mail?
>


AppleMail and other Clients do two checks:

a) check for the MX record of your domain and that the server uses this
as hostname.
b) it checks also, that the name supplied as mailserver in it's account
data matches the server certificate name.

Both must be valid.

So your problem is, that your DNS records do not match the servers
hostname, which he offers.

Thas excatly, what i already wrote earlier. It's a common problem when
setting up mailaccounts in clients.

And if you can't find out, why your mailclient uses a specific name as
server, check the autodiscover result for the domain,
you may find a hardcoded servername there.

best regards,
Marius