On 2013-08-08, DLSauers <[email protected]> wrote:
> Looking to secure things up... and I want to ensure that all inbound 
> email is secured.
>
> So is it possible to set up EXIM4 on Ubuntu 12.04 and CentOS 6.x to use 
> SECURE SMTP *ONLY*!
>
> Thus all connections to the SMTP server would be encrypted... YES this 
> probably means a 90%+ ELIMINATION in servers that can email the domains 
> set up on such a server, oh well, so sad. You don't need to email me then!
>
> I want security, SECURITY ! SECURITY! Encrypted "meta data" connection 
> thus snooping is slowed down unless certain alphabets want to brute force 
> it and put those Crays in UT to work! POP3 and IMAP with SSL/TLS is 
> already implemented... Secure drives is being implemented, and physical 
> control changes are being made too. Yes the servers are moving off US 
> soil, and weak jurisdictions.
>
> If there is a way that a non secure connection can be told to "Sorry 
> stupid server, you need to try it securely!" and/or send back a 
> message... Sorry! This server requires a SSL/TLS connection to send 
> email! Please configure your server thusly, and try again! Or don't 
> bother!"

acl_mail:
  
  require
    message=Sorry! This server requires a SSL/TLS connection to send \
      email! Please configure your server thusly, and try again! Or don't \
      bother! 
    encrypted = *

perhaps also these?

  require
    message=you need a real TLS cert
    verify = certificate
    message=you need a stronger TLS cert
    condition = ${if >= {$tls_bits}{2048}}
         
> Simply quit listening on Port 25? ? And only on 465 ????

465 is deprecated (if the RFCs are to be believed)

> Lots of HOWTO: on enabling SSL/TLS, but it appears from these that NON 
> SSL/TLS is still possible and that the initial connection may be 
> UNSECURE! ! ! BZZT!!!!

What's the problem with using plaintext before STARTTLS? Nothing is
exposed that can't be found using a reverse lookup, probing, or whois
lookup.

-- 
⚂⚃ 100% natural

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
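
The original post expects that requiring TLS will turn away most sending servers. As an added example (not part of the thread and not Exim project code), that share can be measured from the Exim main log before the `encrypted = *` rule is switched on. It assumes the default log format, where arrival (`<=`) lines carry `P=esmtps`, `P=esmtpsa` or `P=smtps` for TLS sessions and `P=esmtp` or `P=smtp` for plaintext; the log lines and the function name `plaintext_exposure` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Exim's default mainlog layout (not real traffic).
SAMPLE_LOG = """\
2013-08-08 09:14:02 1V7Qxk-0003dA-7h <= alice@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLSv1:AES256-SHA:256 S=2311
2013-08-08 09:15:40 1V7QzK-0003dQ-Bn <= bob@example.net H=relay.example.net [198.51.100.7] P=esmtp S=1840
2013-08-08 09:15:41 1V7QzK-0003dQ-Bn => dls <dls@example.com> R=local_user T=mail_spool
2013-08-08 09:20:11 1V7R3h-0003eF-2c <= carol@example.net H=relay.example.net [198.51.100.7] P=esmtp S=990
2013-08-08 09:31:55 1V7REx-0003fT-Kp <= root@example.com U=root P=local S=512
2013-08-08 09:40:03 1V7RMp-0003gH-9a <= dave@example.org H=(old-box) [203.0.113.5] P=smtp S=702
"""

# Arrival line: date, time, message id, "<=", envelope sender, ... P=<protocol>
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+) .*?\bP=(?P<proto>\S+)")
HOST_IP = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]")
# Assumption: network protocols are (e)smtp with optional "s" (TLS) and "a" (AUTH).
NET_PROTO = re.compile(r"^e?smtp(?P<tls>s?)a?$")


def plaintext_exposure(log_text):
    """Return (tls_count, plain_count, Counter of plaintext sender IPs).

    plain_count is the number of inbound SMTP messages that a
    "require encrypted = *" rule in the MAIL ACL would have refused.
    """
    tls = plain = 0
    plain_hosts = Counter()
    for line in log_text.splitlines():
        arrival = ARRIVAL.match(line)
        if not arrival:
            continue  # delivery, completion or other non-arrival line
        proto = NET_PROTO.match(arrival.group("proto"))
        if not proto:
            continue  # local submission (P=local etc.), not affected by the ACL
        if proto.group("tls"):
            tls += 1
        else:
            plain += 1
            ip = HOST_IP.search(line)
            plain_hosts[ip.group("ip") if ip else "unknown"] += 1
    return tls, plain, plain_hosts


if __name__ == "__main__":
    tls, plain, hosts = plaintext_exposure(SAMPLE_LOG)
    print(f"TLS: {tls}  plaintext: {plain}")
    for ip, count in hosts.most_common():
        print(f"  would be rejected: {ip} ({count} messages)")
```

The per-host counts show which regular correspondents would need to enable STARTTLS before the rule goes live.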
