All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Exchange 2016 'dynamic' 220 response
Hey guys,
In my little lab at the datacenter I've set up an Exchange 2016 server joined to my fictional <domain.com> domain. It takes e-mail for multiple external domains and it's all working brilliantly.
Now, besides SPF, DKIM and DMARC which are all working I want to include DANE.
So I've set up DNSSEC and a TLSA record for <domain2.com>, which let's assume is also a domain that my Exchange accepts mail for, as a starter. It's all set up correctly if I may believe the response of some online checking websites.
Now here comes the issue. When opening a connection to Exchange, port 25, it replies with 220 exchange.domain.com . Ofcourse DANE fails because it expects 220 exchange.domain2.com.
MX-records for both domains have been set up as exchange.domain.com and exchange.domain2.com but ofcourse pointing at the same IP. But Exchange just gives a 220 according to the domain it's joined to.
Is there any option to have Exchange respond to the domain it's called for externally? Or does anyone know of an other way to achieve this? Been breaking my head over this for a few days now and LMGTFY just doesn't give me the answer to my question. Or I've gotten blind and running around in circles in my own thoughts now :-/
Any help is highly appreciated!
Comments
having never heard of DANE previously but doing some quick reading on it - can you create a multi domain cert so that the correct domain name is present on the cert?
Smart, that did the trick indeed! Thank you!