Re: Best practive for TLS/DNS Setup for exim
Rainer Dorsch wrote:
> Am Montag, 18. Mai 2020, 20:50:49 CEST schrieb Dan Ritter:
> > Rainer Dorsch wrote:
> > > I was more concerned about the outgoing server configured in the email
> > > clients and used to send main from my domain (at least so far I did not
> > > understand that they can make use of the MX record).
> >
> > It depends on the MTA you choose for your email clients, but
> > unless you choose the very simplest systems, they can be
> > configured to look up the MX record and use that. (Postfix has a
> > fallback_relay option, Exim can accept multiple hosts in a
> > route_list statement, and so forth.)
>
> Thanks again for your reply.
>
> But what about a client like Thunderbird, kmail or Android mail clients. They
> need an *outgoing* server.
>
> Do they handle MX records?
No, if you need high availability for those, you need load
balancing. DNS is not a good way of doing that; consider
ldirectord or haproxy or pound, and remember that you will need
at least two of those machines in a STONITH configuration.
In any of these cases, you'll configure all your mail servers to
answer as smtp.domain with the same TLS certificate.
-dsr-
Reply to: