yar's questions -server

yar

Asked: 2013-11-26 09:05:33 +0800 CST

Does Postfix need a TLS cert for every destination domain?

When Postfix is the destination for multiple domains, does it need a TLS cert for every one of them, or just for the domain in $myhostname?

That is to say, are there smtp clients out there who will check certs against the MX they used to look us up, or are they all smart enough to wait for 220 response and/or do reverse DNS, and check against that?

Is it even possible to receive the 220 without checking the certificate first?

But otherwise, is it even possible for Postfix to know what cert the client wants?

EDIT: Even if they do reverse DNS, if clients are willing to accept MX addresses that resolve to arbitrary domains, isn't that trivial to MITM? Or is the solution to never use a vanity MX if I want TLS?

Does Postfix need a TLS cert for every destination domain?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?