--On 6 November 2007 20:09:05 -0500 Dean Brooks <[EMAIL PROTECTED]> wrote:
> > As such, I use "hosts_avoid_tls = *" on all my remote SMTP transports > for outbound traffic, and I have set "tls_advertise_hosts" global > option to only advertise if the incoming port is 587 or if customer > is submitting to one of our special submission-only addresses. Likewise. In fact, we separate our MX and MSA IP addresses. We require TLS and smtp auth on port 25 and 587 on the MSA addresses - except for some IP addresses on campus. It's sensible to allow people to use port 25, since some don't know how to use 587. However, we advise everyone to use 587. We offer TLS on the MX address, for those that wish to use it, though we recognise that the security benefits are marginal. We won't accept MAIL FROM our domains on the MX addresses unless TLS and smtp auth are used, or a message header indicates that the message was originally submitted through our servers. This ensures that our "internal" email is virtually spam free. -- Ian Eiloart IT Services, University of Sussex x3148 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
