Re: [exim] Question TLS

2018-02-24 Thread Jasen Betts via Exim-users
On 2018-02-22, Luciano InfoCultura via Exim-users  wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only 
> allow the sending of messages after using STARTTLS.
> my brief configuration:
> The message exchange is between servers and do not use authentication.
> ..
> MAIN_TLS_ENABLE = true
> daemon_smtp_ports = 25: 465: 587
> tls_on_connect_ports = 465
> ..

I'm guessing you mean inbound.

Put this

 require
   message=starttls required
   encrypted=*
   
in the SMTP mail ACL "acl_check_mail" on Debian systems.

-- 
This email has not been checked by half-arsed antivirus software 

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

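To check the inbound rule from another machine after reloading Exim, this added example (not part of the original post or of Exim) sends MAIL FROM before STARTTLS and reports whether the server refuses it. The EHLO name and envelope sender are placeholders, and no recipient or message data is sent.

```python
import smtplib
import sys


def probe_plaintext_mail(host, port=25, timeout=10):
    """Send MAIL FROM without STARTTLS; return (starttls_offered, code, text)."""
    # local_hostname is a placeholder EHLO name; setting it also avoids
    # smtplib's own FQDN lookup.
    with smtplib.SMTP(host, port, local_hostname="probe.example",
                      timeout=timeout) as smtp:
        smtp.ehlo()
        offered = smtp.has_extn("starttls")
        # Placeholder envelope sender; RCPT and DATA are never issued.
        code, text = smtp.docmd("MAIL FROM:<probe@example.org>")
        return offered, code, text.decode("utf-8", errors="replace")


def starttls_enforced(host, port=25):
    """True if STARTTLS is advertised and cleartext MAIL FROM gets a 5xx."""
    offered, code, _ = probe_plaintext_mail(host, port)
    return bool(offered and 500 <= code <= 599)


if __name__ == "__main__":
    # Usage: python3 probe.py <mail-host>
    # Port 465 is skipped: it is TLS-on-connect, so there is no cleartext
    # phase to probe there.
    for target in sys.argv[1:]:
        for port in (25, 587):
            offered, code, text = probe_plaintext_mail(target, port)
            verdict = "enforced" if offered and 500 <= code <= 599 else "NOT enforced"
            print(f"{target}:{port} starttls_offered={offered} "
                  f"MAIL-before-TLS -> {code} {text!r}: {verdict}")
```

With the ACL statement above in place, the cleartext MAIL FROM should come back as a 5xx carrying the "starttls required" text.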

Re: [exim] Question TLS

2018-02-24 Thread Phil Pennock via Exim-users
On 2018-02-22 at 17:34 +, Luciano InfoCultura via Exim-users wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only 
> allow the sending of messages after using STARTTLS.
> my brief configuration:
> The message exchange is between servers and do not use authentication.
> ..
> MAIN_TLS_ENABLE = true
> daemon_smtp_ports = 25: 465: 587
> tls_on_connect_ports = 465
> ..

The MAIN_TLS_ENABLE setting is a sign of the Debianized configuration.

All of the Exim settings you have listed above are for how Exim listens,
not how it sends; sending is controlled via the SMTP "Transport" linked
to whichever "Router" accepted the message/recipient and chose remote
delivery via SMTP for it.

Ports 465 and 587 are for initial Submission by clients and not for
server-to-server traffic (except in special hacky situations such as
having your mail-server pretend to be a client, of Gmail/whatever).
Unless you've got a special arrangement in place, you're sending on port
25 and using STARTTLS to upgrade the connection.

I don't see a Debian control knob for this.  From Exim's side, you want
the SMTP Transport to include:

  hosts_require_tls = *

-Phil
