We did a PCI scan for one of our clients and it says they failed due to the SSL certificate, for SMTP Port 25, not matching the domain scanned. Here's what it said:
Description: SSL Certificate with Wrong Hostname
Synoposis: The SSL certificate for this service is for a different host.
Impact: The commonName (CN) of the SSL certificate presented on this service is for a different machine.
But our other PCI scan says it didn't fail. Do you guys think it's a real fail? Thanks!