On Sat, Jan 09, 2016 at 10:56:40AM -0500, Wietse Venema wrote:
> > Is CheckTLS.com just insisting that the CN of the certificate should
> > match the mx record of the mail domain in question or is this generally
> > expected?
>
> Regardless of what CheckTLS.com says, what is the server name in
> the MX record? That is the name that needs to match the certificate.
White lies to children? :-)

The more complete story is that with port 25 SMTP, absent DANE, nobody checks the OP's certificate anyway, it can say "example.com" and TLS will work exactly as securely as with any other name.

However, if the OP uses DANE, and if the TLSA records pin a trust-anchor (certification authority) rather than an end-entity (server) certificate, then the DNS name in the certificate needs to be the MX hostname.

On the other hand, if the OP is asking some peer domains to implement explicit mandatory WebPKI TLS verification for mail to his domain, then the certificate needs to match the recipient domain, rather than the MX hostname, as in the CheckTLS report. Otherwise, verification is subject to DNS-based MITM attacks (barring DNSSEC, at which point better to use DANE, and ask the peers to enforce that).

I am hoping more MTAs will implement DANE over the next couple of years, now that OpenSSL has DANE support (in the "master" dev branch, expected to be released as 1.1.0-alpha2 this week).

--
Viktor.
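Added illustration (editor's example, not code from the thread, from Postfix or from OpenSSL) of the DANE distinction Viktor draws: with a DANE-EE (usage 3) TLSA record the server certificate itself is pinned and the name in it does not matter, whereas with a DANE-TA (usage 2) record an issuer is pinned and the leaf certificate must then name the MX host. It builds two structurally minimal, constructed certificates with a tiny DER encoder (empty issuer/subject/validity, dummy signature), computes the "x 1 1" TLSA data (selector 1 = SubjectPublicKeyInfo, matching type 1 = SHA-256) as the domain owner would publish it, and checks presented chains against it. Signature and path validation, wildcard name matching and the mandatory-WebPKI case (where the name compared is the recipient domain) are deliberately out of scope.

```python
import hashlib

# ---- tiny DER encoder: used only to construct the sample certificates ----
def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (definite length, short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def der_seq(*items: bytes) -> bytes:
    return der(0x30, b"".join(items))

def der_int(v: int) -> bytes:
    return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def der_bitstring(b: bytes) -> bytes:
    return der(0x03, b"\x00" + b)          # zero unused bits

ED25519_OID = der(0x06, b"\x2b\x65\x70")   # id-Ed25519, 1.3.101.112

def make_spki(pubkey: bytes) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey }"""
    return der_seq(der_seq(ED25519_OID), der_bitstring(pubkey))

def make_cert(spki: bytes, serial: int) -> bytes:
    """Minimal X.509 shell around an SPKI (constructed sample: empty
    issuer/subject/validity and a dummy signature; not a valid certificate)."""
    tbs = der_seq(
        der(0xA0, der_int(2)),   # [0] EXPLICIT version v3
        der_int(serial),
        der_seq(ED25519_OID),    # signature algorithm
        der_seq(),               # issuer
        der_seq(),               # validity
        der_seq(),               # subject
        spki,
    )
    return der_seq(tbs, der_seq(ED25519_OID), der_bitstring(b"\x00" * 64))

# ---- tiny DER reader: pulls the SPKI back out of a certificate ----
def der_read(buf: bytes, pos: int = 0):
    """Return (tag, content, end) for the TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length

def der_children(content: bytes):
    """List of (tag, body, raw_tlv) for each element of a constructed value."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, end = der_read(content, pos)
        out.append((tag, body, content[pos:end]))
        pos = end
    return out

def extract_spki(cert_der: bytes) -> bytes:
    _, cert_body, _ = der_read(cert_der)
    tbs_body = der_children(cert_body)[0][1]
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:            # optional [0] version precedes serial
        fields = fields[1:]
    # serial, sigAlg, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][2]

# ---- TLSA data (RFC 6698 selector/matching type) and SMTP usages (RFC 7672) ----
def tlsa_data(cert_der: bytes, selector: int, mtype: int) -> bytes:
    obj = cert_der if selector == 0 else extract_spki(cert_der)   # 0=Cert, 1=SPKI
    if mtype == 0:
        return obj
    if mtype == 1:
        return hashlib.sha256(obj).digest()
    if mtype == 2:
        return hashlib.sha512(obj).digest()
    raise ValueError("unknown matching type")

def publish_tlsa(cert_der: bytes, usage: int, selector: int = 1, mtype: int = 1):
    """What the domain owner puts in DNS: (usage, selector, mtype, hex data)."""
    return (usage, selector, mtype, tlsa_data(cert_der, selector, mtype).hex())

def dane_verify(record, chain, mx_hostname: str, leaf_names) -> bool:
    """chain = DER certs, leaf first. Simplified: no signature or path checks."""
    usage, selector, mtype, data_hex = record
    want = bytes.fromhex(data_hex)
    if usage == 3:
        # DANE-EE: the server certificate itself is pinned; its names are ignored
        return tlsa_data(chain[0], selector, mtype) == want
    if usage == 2:
        # DANE-TA: an issuer is pinned, so the leaf must additionally name the MX host
        ta_ok = any(tlsa_data(c, selector, mtype) == want for c in chain[1:])
        return ta_ok and mx_hostname in leaf_names
    raise ValueError("usages 0/1 (PKIX-*) are not used for SMTP DANE")

# ---- constructed sample: one leaf under one issuer, serving mx1.example.com ----
MX_HOST = "mx1.example.com"
LEAF = make_cert(make_spki(bytes(range(32))), serial=1001)      # fake key bytes
ISSUER = make_cert(make_spki(bytes(range(32, 64))), serial=7)
CHAIN = [LEAF, ISSUER]
EE_RECORD = publish_tlsa(LEAF, 3)      # _25._tcp.mx1.example.com TLSA 3 1 1 <hash>
TA_RECORD = publish_tlsa(ISSUER, 2)    # _25._tcp.mx1.example.com TLSA 2 1 1 <hash>

if __name__ == "__main__":
    print("EE, cert names example.com:", dane_verify(EE_RECORD, CHAIN, MX_HOST, ["example.com"]))
    print("TA, cert names example.com:", dane_verify(TA_RECORD, CHAIN, MX_HOST, ["example.com"]))
    print("TA, cert names MX host:    ", dane_verify(TA_RECORD, CHAIN, MX_HOST, [MX_HOST]))
```

Run as a script it prints True, False, True: the same leaf that passes under a "3 1 1" record regardless of its name fails under a "2 1 1" record until the MX hostname appears among its names. Rotating the leaf key under the same issuer breaks the EE record but not the TA record, which is the operational trade-off between the two usages.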