[BlueOnyx:26198] Re: SNI
Robert Fitzpatrick
robert at webtent.org
Wed May 10 09:27:09 -05 2023
Michael Stauber wrote on 5/9/2023 11:09 PM:
> #> echo -n | openssl s_client -connect 5211r1.smd.net:993 -servername
> 5211r1.smd.net | openssl x509 -noout -text | grep 5211r1.smd.net
> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = R3
> verify return:1
> depth=0 CN = 5211r1.smd.net
> verify return:1
> DONE
> Subject: CN=5211r1.smd.net
> DNS:5211r1.smd.net
>
> So in this case the certificate we saw was indeed for the Vsite
> (5211r1.smd.net) and NOT the server (5211r.smd.net).
>
> Conclusion: SNI for IMAP works.
>
> If it doesn't in your case, then I'm of course willing to take a look.
> File a "Support Request" via the GUI and tick "Allow Access" and in the
> comments mention the name of the Vsite where SNI for email doesn't seem
> to work for you.
>
> This could indeed be an issue with the SNI cert configuration on the
> server, but it could also be an email client or email client
> configuration issue. I can at least check the server side of things for
> you and we can then take it from there. But generally speaking: With
> Thunderbird (on PC and Linux) as well as with K-9 on my Android phone I
> usually have no issues at all with SNI for email. So these are good
> choices, but naturally not the only ones.
>
Thanks Michael, that helps a lot, much appreciated. It seems my Postfox
was set to STARTTLS. This will allow me to troubleshoot easily.
--
Robert
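
Added example, not part of the original thread: the check quoted above used implicit TLS on port 993, while the client turned out to be set to STARTTLS, so this script compares the certificate names served for a Vsite's SNI name on both paths. The function names, the use of port 143 for STARTTLS, and the host name vsite.example.net are assumptions of the example; it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not from the thread. Host names below are placeholders.

# Read `openssl x509 -noout -text` output on stdin; print one SAN DNS name per line.
extract_dns_names() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p'
}

# Print the SAN DNS names of the certificate served for SNI name $3 at $1:$2.
# $4 (optional) is a protocol for `openssl s_client -starttls`, e.g. imap;
# leave it empty for implicit-TLS ports such as 993.
sni_cert_names() {
    host=$1 port=$2 sni=$3 proto=${4:-}
    set -- -connect "$host:$port" -servername "$sni"
    if [ -n "$proto" ]; then set -- "$@" -starttls "$proto"; fi
    openssl s_client "$@" </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null | extract_dns_names
}

# Succeed if host name $1 is covered by the names on stdin: exact match, or a
# wildcard entry that stands for exactly one left-most label.
names_cover() {
    want=$1
    while IFS= read -r name; do
        if [ "$name" = "$want" ]; then return 0; fi
        case $name in
            '*.'*)
                case $want in
                    *.*) if [ "${want#*.}" = "${name#??}" ]; then return 0; fi ;;
                esac ;;
        esac
    done
    return 1
}

# Report which certificate a Vsite gets on each IMAP path (993 implicit TLS,
# 143 with STARTTLS). A failed connection yields no names and reports MISMATCH.
check_vsite() {
    for spec in "993:" "143:imap"; do
        names=$(sni_cert_names "$1" "${spec%%:*}" "$1" "${spec#*:}")
        if printf '%s\n' "$names" | names_cover "$1"; then verdict=OK; else verdict=MISMATCH; fi
        printf '%s port %s: %s [%s]\n' "$1" "${spec%%:*}" "$verdict" \
            "$(printf '%s' "$names" | tr '\n' ' ')"
    done
}
# Usage: check_vsite vsite.example.net
```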