> On Oct 19, 2016, at 9:00 AM, Felipe Gasper <[email protected]> wrote:
>
>
> Exim’s approach is BEAUTIFUL for the purpose of separate certificates per
> domain. cPanel 11.60 just shipped with this support added. The great thing is
> that, unlike Apache or Dovecot, the mapping of domain to certificate is
> dynamic, not in a static list. For shared hosting environments, where each
> machine/VPS can serve tens of thousands of individual domains, this is a boon.
>
> I’d be fine with some facility to configure by-domain configs, logs, or what
> not in tandem with the certificate. Just as long as it’s still simple and
> easy to determine the certificate by the DOMAIN, not by served content.
What's even more beautiful is using a single MX hostname for a boatload
of domains, with a single associated certificate. Works great for
domeneshop.no (serving over 100k DANE-enabled SMTP domains via 4 MX
hosts), and transip.nl (serving a similar number of domains), ...
I am somewhat sympathetic to the desire for SNI on port 587, where
asking users to change settings is a bear, with port 25 SMTP, I've
yet to see a compelling reason for server-side SNI support. Do not
go there, unless your back's against the wall...
--
Viktor.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
