At Webmail: https://www.titi.org/webmail, user-1 can connect without any problem.
I sent the message to firstname.lastname@example.org and everything went well.
DKIM does indicate that it is from srv1.titi.org. Everything indicates that only titi.org exists and there is no mention of toto.org at all in the email received.
I have looked at Markos DNS records and see that I don’t have CAA and TLSA records.
● The certificate for titi.org is a SAN in the sense that it is used for mail, srv1, www, etc.
● Configuring the CAA record, I have to use a flag [issue || issuewild || iodef].
† issue: explicitly authorizes a single certificate authority to issue a certificate (any type) for the hostname.
† issuewild: explicitly authorizes a single certificate authority to issue a wildcard certificate (and only wildcard) for the hostname.
† iodef: specifies a URL to which a certificate authority may report policy violations.
● Is the flag issue the proper one to use?
● Is that the solution to have Thunderbird working with email@example.com, or is there another way to solve that?
If I remember well, the SAN is for multiple domains (meaning mail, srv1, www, etc., and possibly also including titi.org, titi.com, titi.net) and WILDCARD is for *.domain (here the [ * ] meaning mail, srv1, www, etc., but all from the same domain).
I am confused, but on a higher level than before…
The TLSA record will be for later if possible…
All comments and suggestions are highly appreciated,
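
Added example, not part of the original post: a sketch of how a certificate authority evaluates the CAA properties listed above (RFC 8659 rules) for each name in a SAN certificate and for a wildcard name. The zone contents, the `iodef` address and the CA identifier `ca.example` are constructed placeholders.

```python
# Constructed zone data: name -> list of (flags, tag, value) CAA records.
# "ca.example" is a placeholder CA identifier, not a value from the post.
ZONE = {
    "titi.org": [
        (0, "issue", "ca.example"),      # who may issue ordinary certificates
        (0, "issuewild", ";"),           # ";" = nobody may issue wildcards
        (0, "iodef", "mailto:hostmaster@titi.org"),  # reporting only
    ],
}

def relevant_rrset(name, zone):
    """Climb from the name toward the root; the first CAA set found applies."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":                 # wildcard: start at the parent name
        labels = labels[1:]
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []

def issuer_of(value):
    """Issuer domain is the part before any ';parameters'; it may be empty."""
    return value.split(";", 1)[0].strip().lower()

def ca_may_issue(ca, name, zone=ZONE):
    """True if CAA does not forbid `ca` from issuing for `name`."""
    records = relevant_rrset(name, zone)
    issue = [issuer_of(v) for _, t, v in records if t.lower() == "issue"]
    wild = [issuer_of(v) for _, t, v in records if t.lower() == "issuewild"]
    # issuewild is only consulted for wildcard names, where it overrides issue.
    allowed = wild if name.startswith("*.") and wild else issue
    if not allowed:
        return True                      # no restricting property: unrestricted
    return ca.lower() in allowed

def check_san_certificate(ca, san_names, zone=ZONE):
    """Evaluate every name of a SAN certificate; all must pass for issuance."""
    return {n: ca_may_issue(ca, n, zone) for n in san_names}

if __name__ == "__main__":
    names = ["titi.org", "mail.titi.org", "srv1.titi.org", "www.titi.org"]
    print(check_san_certificate("ca.example", names))
    print("*.titi.org:", ca_may_issue("ca.example", "*.titi.org"))
```
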