Re: [exim-dev] tls_sni = $host in default configuration file

2018-12-17 Thread Andreas Metzler via Exim-dev
On 2018-12-17 Phil Pennock via Exim-dev  wrote:
> On 2018-12-16 at 10:42 +, Jeremy Harris via Exim-dev wrote:
> > On 16/12/2018 10:20, Andreas Metzler via Exim-dev wrote:
> > > 4.92rc1 adds this to the smarthost_smtp transport:
> > > 
> > > tls_sni = $host
> > > 
> > > I do not think that always works as expected. Depending on the DNS setup
> > > (CNAME, round robin) $host will not contain the name of the selected
> > > smarthost anymore but a different value.
[...]
> I think that I just missed that we might adapt `$host` during the life
> of the Transport.

> 
> 30.2

> Absent `hosts_override` or `hosts` directly on the Transport, Round
> Robin A records have no cause to change the host _name_.  So the only
> issue should be CNAME records?
[...]

Hello Phil,

I only recognized the problem because we have had to workaound/document
around it in Debian for ages. - We have been using ${lookup{$host} in
smtp authentication.

CNAME for smarthost is very common, the biggest players (office365,
gmail and yahoo) use it.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##


Re: [exim-dev] tls_sni = $host in default configuration file

2018-12-17 Thread Jasen Betts via Exim-dev
On 2018-12-16, Phil Pennock via Exim-dev  wrote:
> On 2018-12-16 at 10:42 +, Jeremy Harris via Exim-dev wrote:
>> On 16/12/2018 10:20, Andreas Metzler via Exim-dev wrote:
>> > 4.92rc1 adds this to the smarthost_smtp transport:
>> > 
>> > tls_sni = $host

What does DANE say we shoud ask for? I remember it being non-obvious but
easily explained. However I don't however remember the detail.


-- 
  When I tried casting out nines I made a hash of it.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##