Re: [exim] Something like "domains_require_tls"

Top Page
Delete this message
Reply to this message
Author: Slavko
Date:  
To: exim-users
Subject: Re: [exim] Something like "domains_require_tls"
Dňa 29. marca 2023 20:27:30 UTC používateľ Viktor Dukhovni via Exim-users <exim-users@???> napísal:
>On Wed, Mar 29, 2023 at 06:59:42PM +0000, Slavko via Exim-users wrote:


>> Do you expect that all these domains have to use
>> the same name in MX? Or do you expect thousands certs
>> on that MTA?
>
>Either will work, but a single MX hostname is simpler to operate.


Perhaps, but question is not if it will work, but if it is
manageable. And it can be, if people cannot change their
MX, othervise they can (and soon or later will) do strange
things... And this will happen despite of thousand or
one common name.

I recently have to solve not receiving mails from o365,
because one smart IT man decide to setup our domain
in o365, including emails. In process of solving that, he
come to me with requirement to change our MX to MS
ones, just because he find that somewhere in o365 help,
he know nothing what that change mean, nor what MX
Is for, but o365 says that, thus it must be right... People
will do strange things, if they can...

>> Or one cert with thousands names in SAN?
>
>That's what SNI is for, but once again a shared MX hostname is better.


SNI or not SNI, a lot of SANs will harm.

regards


--
Slavko
https://www.slavino.sk/