Re: [exim] MTA-STS and Server Name Indication (SNI) on mail …

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] MTA-STS and Server Name Indication (SNI) on mail servers
On 17/06/2020 20:34, John R. Levine via Exim-users wrote:
> MTA-STS is a newish IETF spec that lets mail operators declare that
> all of their incoming mail servers support STARTTLS.  (See RFC 8461.)


Exim does not support MTA-STS.

> Looking at the mail logs for my servers, it's pretty clear that Exim
> doesn't send SNI.


As a client, Exim can send SNI if configured to do so.

> I would also guess that if an Exim MTA has multiple
> names, it doesn't have any way to select a certificate using SNI.


As a server, Exim has visibility of an SNI sent by a client and
can use it to select a server certificate.
--
Cheers,
Jeremy
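
An Exim configuration sketch of the two SNI capabilities mentioned in the reply above, added here as an example (not part of the original message and not the Exim project's own configuration). The file paths, the map file names and the choice of `$host` as the SNI value are assumptions.

```conf
# --- main configuration section (Exim as server) ---

# Log the SNI each connecting client sends (shows up as SNI= on log lines).
log_selector = +tls_sni

tls_advertise_hosts = *

# $tls_in_sni is supplied by the remote client. Do not splice it into a
# filename directly, e.g.
#   tls_certificate = /etc/exim/tls/$tls_in_sni.pem      # avoid
# because the client would then influence which file Exim opens.
#
# Instead, look the name up in a locally maintained map and fall back to
# a default certificate when no SNI was sent or the name is unknown.
# Map file format (assumed paths, one entry per line):
#   mx1.example.net: /etc/exim/tls/mx1.example.net.pem
tls_certificate = ${lookup{$tls_in_sni}lsearch{/etc/exim/sni-certs.map}\
                    {$value}{/etc/exim/tls/default.pem}}
tls_privatekey  = ${lookup{$tls_in_sni}lsearch{/etc/exim/sni-keys.map}\
                    {$value}{/etc/exim/tls/default.key}}

# --- transports section (Exim as client) ---

remote_smtp:
  driver = smtp
  # Send SNI on outbound STARTTLS connections. Using the name of the
  # host being connected to (the MX hostname) is an assumption here;
  # any expanded string can be used.
  tls_sni = $host
```

After a reload, incoming connections that carry SNI should show the requested name in the main log, which makes it possible to check which certificate branch was taken.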