We have two mail domains running on our UTM (9.510-5). We have DKIM and SPF entries for both domains. The first domain, for which the SSL cert was issued, is just fine, with TLS set to 1.2 only in the advanced settings. Checked with an external SSL/TLS tool, only TLS 1.2 is active.
But if I check the MX entry for the other domain (no profile mode, both domains share the same settings), the external SSL/TLS check says that the mail server for this domain supports SSL_RSA_WITH_RC4_128_SHA and TLS from 1.0 to 1.2, so it uses weak ciphers.
How is that possible? The tool says that both domains are using the same IP, ergo the same UTM with the same settings for both domains is in use. I've removed the second domain, saved that and re-added it, but no change. The exim.conf has only one section for TLS settings; there's no separation for different domains.
A first guess was the missing name of the second domain in the SSL cert. This is a three-year cert, and when it was issued the second domain was not in place; it came into play at a later date. So there is no SAN or alternate name included.