The DANE fix:
- ob->tls_sni = sx->first_addr->domain; /* force SNI */ + ob->tls_sni = sx->conn_args.host->name; /* force SNI */ replaces the recipient domain with the MX hostname. When the MX host is a CNAME, is that necessarily the same as the TLSA base domain? How does Exim handle MX hosts that are CNAMEs? Are fully expanded (secure at every step, with fallback to the original name) CNAMEs used for TLSA lookups (per RFC7672?)? -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/