CORRECTION:
Just discovered that actually the Postfix cert is being sent to the client
regardless of the configuration, so now the remaining question is why is
the PF cert sent rather than the cert I have configured in the dovecot.conf
file?
> On Jul 25, 2020, at 2:02 PM, Antonio Leding <tech at leding.net> wrote:
> 
> Hello all,
> 
> I have a Dovecot (v2.3.10.1) + Postfix (v3.5.3) both cfg'd to use TLS
> however each using different certificates.  In addition, I have cfg'd a
> DNS CNAME that points to the server A record.  For example,
> 
> mail.example.com (A) -> 1.2.3.4
> alias.example.com (CNAME) -> mail.example.com
> 
> When setting up a new account in Apple Mail, if I specify the server name
> as the "Host Name" (i.e. mail server), the cert that is cfg'd in Dovecot
> is received and everything works fine.  However, if I instead use the
> alias CNAME as the "Host Name", then the cert for Postfix is sent to the
> client.  This causes issues because I do not have the CNAME in the SAN of
> the Postfix certificate.
> 
> I doubt this is a bug because I have to think others have employed a
> similar configuration so I must be missing something here - any thoughts?
> 
> Thanks in advance...
> 
> 