On 11.08.2017 09:26, Davide Perini wrote:
Thunderbird ignore peer verification on both IMAP and SMTP.
Nope. For a test, set up foo.some.domain and bar.some.domain as CNAME records for imap.some.domain, with the server certificate containing both imap.some.domain and foo.some.domain, but not bar.some.domain.
The attempt to connect with an IMAP server name of bar.some.domain, will cause Thunderbird to open an "Add Security Exception" dialog, with the complaint "Wrong Site - The certificate belongs to a different site, which could mean that someone is trying to impersonate this site." (see attached image). That's the result of peer verification.
-Ralph