On Sun, 19 May 2019, The Doctor via Exim-users wrote:
> How can I force e-mail from the Internet at large to be only accepted
> if and only if done by SSL/TLS methods?
Jeremy suggested
ACL condition "encrypted"
Can I ask a supplementary question?
TLS v1.0 and v1.1 are on the way out for https*;
how did you decide which versions to allow for mail?
If you use the same certificate for smtp and pop, imap and/or https webmail
then using an old protocol leaves you open to cross-protocol downgrade
attacks (like DROWN but tls instead of ssl).
On the other hand, I see more effort put into updating encryption for web
than for mail.
* e.g. https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
Thanks,
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
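
One way to inform the "which versions to allow" decision raised above is to measure what inbound peers negotiate today. This is an added example, not part of the original message or of Exim itself: it tallies the `X=` field on arrival (`<=`) lines of an Exim main log. The sample lines are constructed, and the function names and the assumed log layout (`X=` starting with `TLSv1.2` or `TLS1.2`, peer address in `H=... [ip]`) are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style of an Exim main log (not real traffic).
SAMPLE_LOG = """\
2019-05-19 10:00:01 1hSAAA-0000aa-01 <= a@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=2100
2019-05-19 10:00:07 1hSAAB-0000ab-02 <= b@example.net H=old.example.net [192.0.2.20] P=esmtps X=TLSv1:AES128-SHA:128 CV=no S=900
2019-05-19 10:01:13 1hSAAC-0000ac-03 <= c@example.com H=gw.example.com [192.0.2.30] P=esmtp S=1500
2019-05-19 10:02:44 1hSAAD-0000ad-04 <= d@example.org H=mx2.example.org [192.0.2.11] P=esmtps X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no S=3100
2019-05-19 10:03:02 1hSAAE-0000ae-05 => e@example.com R=dnslookup T=remote_smtp H=mx.example.com [192.0.2.40] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128
"""

ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= ")             # date, time, message id, "<="
PEER = re.compile(r" H=.*?\[([0-9A-Fa-f.:]+)\]")       # remote address in brackets
TLS_FIELD = re.compile(r" X=TLSv?(\d(?:\.\d)?):")      # assumed: "TLSv1.2:" or "TLS1.2:"

def parse_arrival(line):
    """Return (peer_ip, version_tuple_or_None) for a network arrival, else None."""
    if not ARRIVAL.match(line):
        return None                      # deliveries and other log lines
    peer = PEER.search(line)
    if not peer:
        return None                      # local submission, no remote host
    tls = TLS_FIELD.search(line)
    if not tls:
        return (peer.group(1), None)     # accepted without TLS
    major, _, minor = tls.group(1).partition(".")
    return (peer.group(1), (int(major), int(minor or 0)))

def tally_inbound(log_text):
    """Count inbound messages per negotiated protocol version."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_arrival(line)
        if parsed:
            version = parsed[1]
            counts["cleartext" if version is None else "TLS %d.%d" % version] += 1
    return counts

def peers_below(log_text, minimum=(1, 2)):
    """Peers that sent mail in cleartext or with a version older than `minimum`."""
    hits = set()
    for line in log_text.splitlines():
        parsed = parse_arrival(line)
        if parsed and (parsed[1] is None or parsed[1] < minimum):
            hits.add(parsed[0])
    return sorted(hits)

if __name__ == "__main__":
    print(dict(tally_inbound(SAMPLE_LOG)))
    print(peers_below(SAMPLE_LOG))
```

Run over a few weeks of real logs, the `peers_below` list shows which senders would stop delivering if TLS were required and the older versions switched off.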