Best practive for TLS/DNS Setup for exim

To: Debian User Lists <debian-user@lists.debian.org>
Subject: Best practive for TLS/DNS Setup for exim
From: Rainer Dorsch <ml@bokomoko.de>
Date: Mon, 18 May 2020 19:43:39 +0200
Message-id: <[🔎] 15614988.WQU0u6kgnc@h370-wlan>

Hi,

I am just wondering how a efficient setup for TLS/DNS for exim looks like:

Right now I have an A entry in the DNS server for smtp.<domain> and a 
letsencrypt certificate as well.  

If I setup a new server and call it SMTP2, I need to reconfigure this in all my 
email clients. If I install the SMTP certificates, testing is somewhat limited, 
since the DNS entry still points to another server and I would need to fake 
this.

Does anybody know if I can have a certificate for <hostname>.<domainname> and 
use for smtp a CNAME?

The advantage I would see is that I can have a fully functional config and with 
disabling the SMTP name on the old system and changing the CNAME in the DNS 
system, I could be done.

Does anybody now if the standard email clients can handle the situation in 
which them get as SMTP server a cname and as certificate the <hostname> the 
SMTP cname points to?

Many thanks
Rainer

-- 
Rainer Dorsch
http://bokomoko.de/

Reply to:

Follow-Ups:
- Re: Best practive for TLS/DNS Setup for exim
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: dual screen: some operations are slow (nouveau driver)
Next by Date: Re: dual screen: some operations are slow (nouveau driver)
Previous by thread: Re: Kazam 1.5.x - anyone successfully installed?
Next by thread: Re: Best practive for TLS/DNS Setup for exim
Index(es):
- Date
- Thread