294296Re: How best to eliminate "domain mismatch" warning in mail clients when TLS is used
- Jul 15, 2013On 7/15/2013 3:14 PM, Wietse Venema wrote:
> Ben Johnson:This is the strongest argument that I've seen for adding SNI support to
>> On 7/15/2013 1:10 PM, Viktor Dukhovni wrote:
>>> On Mon, Jul 15, 2013 at 12:47:53PM -0400, Ben Johnson wrote:
>>>> In essence, our clients wish to use their own SSL certificates for their
>>>> SMTP connections.
>>> Are these submission clients? What does the above mean?
>> Yes, these are submission clients. To be clear, our clients want to be
>> able to configure their MUAs to use our MTA's submission service via
>> their own domain names. I know; it is not necessarily a rational or
>> reasonable request.
> It's entirely reasonable if they want to be able to change email
> provider without having to update all their clients.
Postfix. I hadn't even considered this. Maybe this is the basis for our
customers' respective positions; I wish they had made it clearer to
> Unfortunately there are not a lot of development cycles for addingI can't even imagine the complexities; I understand.
> a decent SNI implementation to Postfix.
In the meantime, I am all ears, regarding jf's question about SNI
proxying via, for example, nginx. If that subject is best addressed to
the nginx mailing list, I am happy to take the discussion to the
- << Previous post in topic Next post in topic >>