micah anderson:

If we want to try and respect MTA-STS, when doing STARTTLS, the sender
needs to send the right information in the TLS SNI (Server Name
Inidication) extension. An MTA-STS-honoring SMTP client expects to
validate the X.509 certificate of the receiving MTA, but that MTA might
be known by a dozen names, unless the SNI is provided.

I don't fully understand the value of SNI for MTA-to-MTA communication,
but that's an other problem.

I suggest to look at https://github.com/Snawoot/postfix-mta-sts-resolver ...

Andreas


Reply via email to