When using Go's smtp.SendMail to send an email to support@groupsio.zendesk.com, I get the following error:
x509: certificate is valid for mx.zendesk.com, www.mx.zendesk.com, not mail.pod-4.int.zendesk.com
Before calling SendMail, I do an MX lookup on groupsio.zendesk.com, which returns mail.pod-4.int.zendesk.com. So, the address I pass into SendMail is mail.pod-4.int.zendesk.com:25.
This used to work, but something broke and I can't figure out what's wrong. If I send a message to support@groupsio.zendesk.com from Gmail, it works fine.
Using http://www.checktls.com/, it's clear that the Zendesk TLS cert is incorrect in that it doesn't specify that mail.pod-4 host. But, you can still use the cert to encrypt the message; you just may be susceptible to man-in-the-middle attacks.
The Go TLS library has a config flag, InsecureSkipVerify, that when set to true, will go ahead with this certificate/host combo. There's no way to specify that flag at the smtp.SendMail level. If you wish to go ahead and send the email anyways, you need to clone the smtp library, and within smtp.SendMail, on line 283, set the InsecureSkipVerify flag to true.
It's unclear to me if Gmail is functionally doing this, or if I'm missing a detail somewhere.