Re: [exim] Problem with tls_certificate and multiple domains

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Richard James Salts
Dátum:  
Címzett: exim-users
Új témák: [exim] All mail to gmail address goes to spam. Everywhere else is fine
Tárgy: Re: [exim] Problem with tls_certificate and multiple domains
On Thursday, 17 October 2019 9:17:04 AM AEDT Viktor Dukhovni via Exim-users
wrote:
> On Wed, Oct 16, 2019 at 10:04:16PM +0200, Cyborg via Exim-users wrote:
> > Am 16.10.19 um 19:25 schrieb Nospam2k via Exim-users:
> > > I want to use
> > > mail.hosteddomainone.com <http://mail.domainone.com/> for the mail
> > > server names and not maindomain.com <http://maindomain.com/> for
> > > the end user.
> >
> > You will never know what to provide, as the servername is part of the
> > initial greeting HELO. Your setup will fail every time, because it's too
> > late when you find out what to use. See below why .
>
> This is false, neither the name in the 220 greeting (banner) nor
> the initial line of the EHLO response does not preclude the server
> from presenting a different name in its certificate, possibly based
> on SNI.
>
> > > So, how do I configure exim so mail can still be accessed via tls and
> > > an account can be created without any complaints about certificates from
> > > Apple Mail?
> >
> > AppleMail and other Clients do two checks:
> >
> > a) check for the MX record of your domain and that the server uses this
> > as hostname.
>
> False, only MTAs look at MX records, IMAP clients and SUBMIT clients
> do not.
>
> > And if you can't find out, why your mailclient uses a specific name as
> > server, check the autodiscover result for the domain,
> > you may find a hardcoded servername there.
>
> For all but the largest email providers (Google, Microsoft, ...),
> there is little use of "autodiscover", the user fills in the IMAP
> and SMTP server names. The closest to that is:
>
>     https://tools.ietf.org/html/rfc6186

>
> IIRC it is not widely implemented.

I don't think any widely used MUA uses dns autodiscovery based on SRV records.
Most of them seem to follow Microsoft's autodiscover spec: https://
docs.microsoft.com/en-us/exchange/architecture/client-access/autodiscover