
I know that a CNAME and an MX record can't exist on the same host. In this scenario I'm using A records to manage SMTP for 350 DNS domains.

companyA.com  MX  myAlias.whitelabel.com 
companyb.com  MX  myAlias.whitelabel.com
companyc.com  MX  myAlias.whitelabel.com
companyd.com  MX  myAlias.whitelabel.com

Assume that myAlias.whitelabel.com is an A record. When you telnet to port 25 of that host, you will get a response from Proofpoint saying a different host name:

220 mx0a-000a9001.pphosted.com ESMTP cm-m0074

Question

  • Is there any validation of the SMTP host name against DNS?

  • Does the SMTP host name have to match the TLS certificate?

My goal is to simplify administration when I change the SMTP relay to another provider.

makerofthings7
  • I am not aware of any RFCs that state a PTR=HELO match must. AFAIK the CN of the certificate should match the hostname (helo match is pretty useless, you can fill there anything you want), the verification result is often ignored, as there are so many self-signed and invalid certificates out there. Would be interested in a more detailed answer though. – sebix Nov 22 '15 at 17:28
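
Added example (not part of the original post or its comment): a sender that enforces certificate verification, for example under MTA-STS (RFC 8461), compares the certificate's DNS names with the MX host name it looked up, not with the name in the 220 greeting. This sketch runs that comparison for the setup in the question; the SAN list is a constructed assumption, not the provider's real certificate, and all function names are hypothetical.

```python
import re

MX_TARGET = "myAlias.whitelabel.com"                      # from the question
BANNER = "220 mx0a-000a9001.pphosted.com ESMTP cm-m0074"  # from the question
CONSTRUCTED_SANS = ["*.pphosted.com"]                     # assumed for illustration


def _labels(name: str) -> list:
    """Lower-case a DNS name, drop a trailing dot and split it into labels."""
    return name.lower().rstrip(".").split(".")


def banner_host(banner: str) -> str:
    """Return the host name announced in an SMTP 220 greeting line."""
    m = re.match(r"220[ -](\S+)", banner)
    if not m:
        raise ValueError("not a 220 greeting: %r" % banner)
    return m.group(1).lower().rstrip(".")


def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label, e.g. '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def compare(mx_target: str, banner: str, sans: list) -> dict:
    """Report which of the three names (MX, banner, certificate) agree."""
    greeted = banner_host(banner)
    return {
        "banner_equals_mx": _labels(greeted) == _labels(mx_target),
        "cert_covers_mx": any(san_matches(s, mx_target) for s in sans),
        "cert_covers_banner": any(san_matches(s, greeted) for s in sans),
    }


if __name__ == "__main__":
    for check, ok in compare(MX_TARGET, BANNER, CONSTRUCTED_SANS).items():
        print("%-20s %s" % (check, ok))
```

With these inputs the certificate covers the banner name but not the MX name, which is the case a verifying sender would reject.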

0 Answers