Loading ...
Sorry, an error occurred while loading the content.

294296Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used

Expand Messages
  • Ben Johnson
    Jul 15, 2013
    • 0 Attachment
      On 7/15/2013 3:14 PM, Wietse Venema wrote:
      > Ben Johnson:
      >> On 7/15/2013 1:10 PM, Viktor Dukhovni wrote:
      >>> On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote:
      >>>
      >>>> In essence, our clients wish to use their own SSL certificates for their
      >>>> SMTP connections.
      >>>
      >>> Are these submission clients? What does the above mean?
      >>>
      >>
      >> Yes, these are submission clients. To be clear, our clients want to be
      >> able to configure their MUAs to use our MTA's submission service via
      >> their own domain names. I know; it is not necessarily a rational or
      >> reasonable request.
      >
      > It's entirely reasonable if they want to be able to change email
      > provider without having to update all their clients.
      >

      This is the strongest argument that I've seen for adding SNI support to
      Postfix. I hadn't even considered this. Maybe this is the basis for our
      customers' respective positions; I wish they had made it clearer to
      begin with.

      > Unfortunately there are not a lot of development cycles for adding
      > a decent SNI implementation to Postfix.
      >
      > Wietse
      >

      I can't even imagine the complexities; I understand.

      In the meantime, I am all ears, regarding jf's question about SNI
      proxying via, for example, nginx. If that subject is best addressed to
      the nginx mailing list, I am happy to take the discussion to the
      appropriate list.

      Thanks again,

      -Ben
    • Show all 15 messages in this topic