Just discovered that actually the Postfix cert is being sent to the client regardless of the configuration…so now the remaining question is why would is the PF cert sent rather than the cert I have configured in the dovecot.conf file?

On Jul 25, 2020, at 2:02 PM, Antonio Leding <tech@leding.net> wrote:

Hello all,

I have a Dovecot (v2.3.10.1) + Postfix (v3.5.3) both cfg; d to use TLS however each using different certificates. In addition, I have cfg’d a DNS CNAME that points to the server A record. For example,

mail.example.com (A) —> 1.2.3.4
alias.example.con (CNAME) —> mail.example.com

When setting up a new account in Apple Mail, if I specify the server name as the “Host Name” (i.e. mil server), the cert that is cfg’d in Dovecot is received and everything works fine. However, if I instead use the alias CNAME as the “Host Name”, then the cert for Postfix is sent to the client. This causes issues because I do not have the CNAME in the SAN of the Postfix certificate.

I doubt this is a bug because I have to think others have employed a similar configuration so I must be missing something here — any thoughts?

Thanks in advance...