https://sources.debian.org/patches/sendemail/1.56-5.2/fix_tls_hostname_verification.patch/
https://bugs.debian.org/1041517
--- a/sendEmail
+++ b/sendEmail
@@ -1903,7 +1903,10 @@ else {
     if ($conf{'tls_server'} == 1 and $conf{'tls_client'} == 1 and $opt{'tls'} =~ /^(yes|auto)$/) {
         printmsg("DEBUG => Starting TLS", 2);
         if (SMTPchat('STARTTLS')) { quit($conf{'error'}, 1); }
-        if (! IO::Socket::SSL->start_SSL($SERVER, SSL_version => 'TLSv1_3', SSL_verify_mode => 0x00)) {
+        if (! IO::Socket::SSL->start_SSL($SERVER,
+		SSL_version => 'TLSv1_3',
+		SSL_verifycn_scheme => 'smtp',
+		SSL_verifycn_name => $conf{'server'})) {
             quit("ERROR => TLS setup failed: " . IO::Socket::SSL::errstr(), 1);
         }
         printmsg("DEBUG => TLS: Using cipher: ". $SERVER->get_cipher(), 3);