> On Oct 12, 2019, at 7:56 AM, Heiko Schlittermann via Exim-users > <[email protected]> wrote: > > what harm can happen if we set tls_sni = $host for all outgoing > smtp connections? > > Can't we make it defaulting to the remote host name?
It needs to match the TLSA base domain for DANE, which is occasionally, as a result of CNAME expansion, different from the MX hostname. Otherwise, so DANE still overrides that setting as needed, it should be mostly harmless, see a related postfix-users thread: http://postfix.1071664.n5.nabble.com/Respecting-MTA-STS-td103109.html -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
