The certificate is normally validated against the MX name, not recipient domain.
Example: emailservice1.com MX smtp1.example.org emailservice2.com MX smtp1.example.org Certificate is issued to smtp1.example.org Also even if you use SNI, imagine you send a mail to a user at emailservice1 AND also emailservice2, and you understand why not even SNI would work. "Michael Ströder" <mich...@stroeder.com> skrev: (15 december 2015 10:12:56 CET) >Viktor Dukhovni wrote: >> So, we've managed to hold off on offering SNI support for a decade >> since TLS was integrated into Postfix 2.2. I just wanted to see >> whether anyone still wanted it in Postfix, but perhaps if they >> really did they've moved on to other solutions. > >SNI is a prerequisite for implementing something like [1] if a host is >MX for >more than one recipient domain. > >Ciao, Michael. > >[1] https://tools.ietf.org/html/draft-friedl-uta-smtp-mta-certs -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
smime.p7s
Description: S/MIME Cryptographic Signature
