On Sunday, May 06, 2007 at 09:16, Andreas Metzler wrote:
> You'd be happy with something like this?
[..]
> ++Listing a host in tls_verify_hosts does not directly require the host
> ++to actually use TLS. It can still send SMTP commands through
> ++unencrypted connections. Enforcing TLS for a host needs to be done
> ++separately using ACLs.
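Review bot: the last added sentence ("Enforcing TLS for a host needs to be done separately using ACLs") does not say which ACL or which check does the enforcing, so a reader of the option text alone still cannot act on it. Consider pointing from that sentence to the example given with it (a deny in acl_check_mail for the same hostlist), and dropping "directly" from the first sentence, since the option as described does not require TLS at all.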
Thanks for the quick response, this looks all good to me!
> ######################################
> hostlist youmustusedverifiedtls = blah.example.com : foo.example.com
>
> tls_verify_hosts = +youmustusedverifiedtls
> [...]
>
> begin acl
> acl_check_mail:
>   deny
>     message = No TLS encryption used
>     hosts = +youmustusedverifiedtls
>     condition = ${if eq{$tls_cipher}{}{yes}{no}}
> ######################################
I guess you could replace the condition line with
    ! encrypted = *
(This is what I do.)
Regards,
Oskar
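
A way to confirm the ACL discussed in this thread is actually in force, as an added example that is not part of the original messages or of Exim: it opens a plaintext SMTP session, skips STARTTLS, and reports how the server answers MAIL FROM. It assumes the probe runs from a host listed in the hostlist (the deny only matches those hosts); the sender address, HELO name and function names are hypothetical.

```python
import smtplib
import sys


def mail_without_tls(host, port=25, sender="probe@example.org",
                     helo="probe.example.org", timeout=10):
    """Send EHLO and MAIL FROM on an unencrypted session.

    Returns (code, text) of the server's reply to MAIL FROM.
    STARTTLS is deliberately never issued.
    """
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as s:
        s.ehlo()
        code, msg = s.mail(sender)
        return code, msg.decode(errors="replace")


def tls_is_enforced(host, port=25, **kw):
    """True if the server refuses MAIL FROM on a plaintext session (5xx)."""
    code, _ = mail_without_tls(host, port, **kw)
    return 500 <= code < 600


if __name__ == "__main__":
    # Usage: python probe.py mail.example.com [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    code, text = mail_without_tls(target, target_port)
    if 500 <= code < 600:
        print(f"enforced: plaintext MAIL FROM refused ({code} {text})")
    else:
        # tls_verify_hosts alone gives this result: plaintext is still accepted.
        print(f"NOT enforced: plaintext MAIL FROM answered {code} {text}")
        sys.exit(1)
```

A refusal here shows only that plaintext is rejected for the probing host; it does not exercise the certificate verification that tls_verify_hosts performs on encrypted sessions.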