Hello, I have problems connecting DANE configured hosts, when the MX has a correct TLSA-RR but an valid certificate (letsencrypt) with the wrong CN. I cases with self-signed certs and correct TLSA-RR there are no problems. With the correct CN in an valid certificate and correct TLSA-RR everythings is also ok.
In the documentation I read: >If DANE is requested and useable (see above) the following transport options >are ignored: > hosts_require_tls = * > tls_verify_hosts > tls_try_verify_hosts > ls_verify_certificates > ls_crl > ls_verify_cert_hostnames > ls_sni and that translates to me, that DANE should have precedence, when the TLSA-RR and all other settings match! But that seems not the case. What I am missing? Thanks for any hints Wolfgang -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
