On Wed, Jan 22, 2020 at 01:21:08AM +0100, Maeldron T. via Exim-users wrote:
> I’m not sending spam, hence the emails are personalized. Even more, they
> are confidential. Unfortunately, the only thing that helped was turning off
> the SSL on the internal (sending) server. I can’t keep it like that. Or,
> maybe I can, if I make a VPN or SSH tunnel connection between the internal
> server and the smart host. The messages will still be sent one by one, but
> at least the SSL connection overhead won’t be there while it will be secure.

[ I hope it is not out of line to mention a related Postfix capability
  on this list when a user appears to be looking for something to meet
  a need that does not appear to be directly supported by Exim, apologies
  otherwise... ]

FWIW, Postfix 3.4 can perform multiple deliveries over multiple parallel
TLS connections, without deferring mail to be retried later. You could
deploy a Postfix server between your Exim server and the destination,
or deploy a simple dedicated Postfix server between the application and
the smarthost.

    http://www.postfix.org/announcements/postfix-3.4.0.html

    Postfix SMTP client support for multiple deliveries over the same
    TLS-encrypted connection. This is primarily to improve mail delivery
    performance for destinations that throttle clients when they don't
    combine deliveries.

    https://github.com/vdukhovni/postfix/blob/postfix-3.4/postfix/RELEASE_NOTES

    Major changes - tls connection pooling
    --------------------------------------

    [Feature 20180617] Postfix SMTP client support for multiple
    deliveries per TLS-encrypted connection. This is primarily to
    improve mail delivery performance for destinations that throttle
    clients when they don't combine deliveries.

    This feature is enabled with "smtp_tls_connection_reuse=yes" in
    main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
    It supports all Postfix TLS security levels including dane and
    dane-only.

    The implementation of TLS connection reuse relies on the same
    scache(8) service as used for delivering plaintext SMTP mail, the
    same tlsproxy(8) daemon as used by the postscreen(8) service for
    inbound connections, and relies on the same hints from the qmgr(8)
    daemon. It reuses the configuration parameters described in
    CONNECTION_CACHE_README.

    The Postfix SMTP client now logs whether an SMTP-over-TLS connection
    is newly established ("TLS connection established") or whether the
    connection is reused ("TLS connection reused").

    The following illustrates how TLS connections are reused:

        Initial plaintext SMTP handshake:
          smtp(8) -> remote SMTP server

        Reused SMTP/TLS connection, or new SMTP/TLS connection:
          smtp(8) -> tlsproxy(8) -> remote SMTP server

        Cached SMTP/TLS connection:
          scache(8) -> tlsproxy(8) -> remote SMTP server

-- 
    Viktor.
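An added example, not part of the original post or of Postfix: a small log check that uses the two phrases quoted in the release notes to confirm, per destination, that deliveries really ride on reused TLS sessions and at which logged trust level. The sample lines are constructed; the line layout around the two phrases, the leading trust word, and the host names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines. Only "TLS connection established" and
# "TLS connection reused" come from the release notes quoted above; the
# surrounding layout, trust word and hosts are assumptions for illustration.
SAMPLE_LOG = """\
Jan 22 02:00:01 relay postfix/smtp[2101]: Trusted TLS connection established to smarthost.example.net[192.0.2.25]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 22 02:00:01 relay postfix/smtp[2101]: 4A1B2C3D4E: to=<a@example.org>, relay=smarthost.example.net[192.0.2.25]:25, status=sent (250 OK)
Jan 22 02:00:02 relay postfix/smtp[2102]: Trusted TLS connection reused to smarthost.example.net[192.0.2.25]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 22 02:00:02 relay postfix/smtp[2103]: Trusted TLS connection reused to smarthost.example.net[192.0.2.25]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 22 02:00:03 relay postfix/smtp[2104]: Untrusted TLS connection established to mx.example.com[198.51.100.7]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jan 22 02:00:04 relay postfix/smtp[2105]: Untrusted TLS connection established to mx.example.com[198.51.100.7]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
"""

# Optional trust word, then one of the two phrases, then the peer host name.
EVENT = re.compile(
    r"smtp\[\d+\]: (?:(?P<level>[A-Za-z]+) )?"
    r"TLS connection (?P<state>established|reused) to (?P<dest>[^\s\[]+)"
)

def tls_reuse_stats(lines):
    """Count new and reused TLS sessions per destination host."""
    stats = defaultdict(lambda: {"established": 0, "reused": 0, "levels": set()})
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # delivery status lines and other daemons are ignored
        entry = stats[m["dest"]]
        entry[m["state"]] += 1
        entry["levels"].add(m["level"] or "unlabelled")
    return dict(stats)

def handshakes_saved(stats):
    """Fraction of TLS sessions per destination that skipped a handshake."""
    return {d: s["reused"] / (s["established"] + s["reused"])
            for d, s in stats.items()}

def never_reused(stats, min_sessions=2):
    """Destinations with repeated new handshakes and no reuse at all."""
    return sorted(d for d, s in stats.items()
                  if s["reused"] == 0 and s["established"] >= min_sessions)

if __name__ == "__main__":
    stats = tls_reuse_stats(SAMPLE_LOG.splitlines())
    for dest, ratio in handshakes_saved(stats).items():
        print(f"{dest}: {ratio:.0%} reused, levels={sorted(stats[dest]['levels'])}")
    print("no reuse seen:", never_reused(stats))
```

A destination listed by `never_reused` is where to check that `smtp_tls_connection_reuse=yes` (or the per-destination `tls_connection_reuse=yes` policy attribute) is actually in effect.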