On 23/08/16 20:03, Phillip Carroll wrote: > Although, because of > fallback to unencrypted mode, I admit I can't say for certain that it > "works" in the sense of all traffic being encrypted in both directions.
For incoming, use an "encrypted = *" ACL condition. For outgoing, use a "hosts_require_tls = *" option on all relevant smtp transports. If you're interested in observing peer certificates, look into Exim's Events extension and the certificate-related string expansions. You'll be amazed how many certs presented are non-verifiable. IMHO, after just getting people to make encryption available, cert verifiability will be the next Big Problem. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
