> On 25 Feb 2022, at 9:57 am, Wietse Venema <wie...@porcupine.org> wrote:
> 
> @lbutlr:
>> In short, does postfix need to know the name the client used to connect
>> to the server?
> 
> By default, Postfix does not care how a client discovers an MTA
> (which MX record was used, if any, etc.).
> 
> You can configure postscreen to require that a client tries a
> more-preferred MX before a less-preferred MX, but that is entirely
> optional.

The above is true, but that does not make it a good idea to anoint
a single Postfix server with many different hostnames.

The moment TLS enters into the picture, you start to need much more
complicated certificate management to get MUAs to see an acceptable
certificate for its expected name on ports 587 and 465, and other
MTAs to see certificates matching the TLSA records of the multiple
hostnames (including DNS-ID SANs with DANE-TA(2)) when doing DANE or
otherwise verifying the hostname in the certificate for better or
worse.

Avoid multiple names if you can.

-- 
        Viktor.
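
As an added illustration of the certificate-management point above (not part of the original message and not Postfix code), the sketch below audits which of a server's published names would fail DANE with the one chain it presents. The `Cert` and `Tlsa` models, the hostnames and the key bytes are constructed assumptions; only TLSA selector 1 with matching type 1 is modelled, and chain signature validation is left out.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Cert:                     # simplified model, not a real X.509 parser
    spki: bytes                 # stand-in for the DER SubjectPublicKeyInfo
    dns_sans: tuple = ()        # DNS-ID subjectAltNames

@dataclass
class Tlsa:                     # selector 1 (SPKI), matching type 1 (SHA-256) only
    usage: int                  # 2 = DANE-TA, 3 = DANE-EE
    digest: str

def spki_sha256(cert):
    return hashlib.sha256(cert.spki).hexdigest()

def name_matches(host, san):
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):    # wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def dane_ok(host, tlsa_rrs, leaf, issuers):
    """True if the presented chain satisfies at least one TLSA record for host."""
    for rr in tlsa_rrs:
        if rr.usage == 3 and rr.digest == spki_sha256(leaf):
            return True         # DANE-EE: key match only, names in the cert are ignored
        if rr.usage == 2 and any(rr.digest == spki_sha256(c) for c in issuers):
            if any(name_matches(host, s) for s in leaf.dns_sans):
                return True     # DANE-TA: anchor match AND a DNS-ID SAN for this name
    return False

def audit(tlsa_by_host, leaf, issuers):
    """Return the hostnames under which this one server would fail DANE."""
    return sorted(h for h, rrs in tlsa_by_host.items()
                  if not dane_ok(h, rrs, leaf, issuers))

# Constructed sample: one server published under three MX names
CA = Cert(b"constructed-ca-key")
LEAF = Cert(b"constructed-leaf-key", ("mx1.example.com", "*.example.net"))
TLSA_BY_HOST = {
    "mx1.example.com": [Tlsa(2, spki_sha256(CA))],
    "mx.example.net": [Tlsa(2, spki_sha256(CA))],
    "mail.example.org": [Tlsa(2, spki_sha256(CA))],   # no SAN for this name
}

if __name__ == "__main__":
    print(audit(TLSA_BY_HOST, LEAF, [CA]))
```

Every additional hostname adds another entry that must stay in step with the certificate's SANs and the published TLSA records on each renewal.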
