Re: Best practive for TLS/DNS Setup for exim

[Dan Ritter <dsr@randomstring.org>]

Rainer Dorsch wrote: 
> Am Montag, 18. Mai 2020, 20:50:49 CEST schrieb Dan Ritter:
> > Rainer Dorsch wrote:
> > > I was more concerned about the outgoing server configured in the email
> > > clients and used to send main from my domain (at least so far I did not
> > > understand that they can make use of the MX record).
> > 
> > It depends on the MTA you choose for your email clients, but
> > unless you choose the very simplest systems, they can be
> > configured to look up the MX record and use that. (Postfix has a
> > fallback_relay option, Exim can accept multiple hosts in a
> > route_list statement, and so forth.)
> 
> Thanks again for your reply.
> 
> But what about a client like Thunderbird, kmail or Android mail clients. They 
> need an *outgoing* server.
> 
> Do they handle MX records?

No, if you need high availability for those, you need load
balancing. DNS is not a good way of doing that; consider
ldirectord or haproxy or pound, and remember that you will need
at least two of those machines in a STONITH configuration.

In any of these cases, you'll configure all your mail servers to
answer as smtp.domain with the same TLS certificate.

-dsr-