On 29 March 2023 21:11:05 UTC, Evgeniy Berdnikov via Exim-users
wrote:
> One can generate self-signed certs, paying 2 cents, but you can't generate
> trust for such amount of money. Trust to public CAs can be measured by cost
> of related risks and business, starting from hundreds
On 29 March 2023 20:27:30 UTC, Viktor Dukhovni via Exim-users
wrote:
>On Wed, Mar 29, 2023 at 06:59:42PM +, Slavko via Exim-users wrote:
>> Do you expect that all these domains have to use
>> the same name in MX? Or do you expect thousands certs
>> on that MTA?
>
>Either will
On Wed, Mar 29, 2023 at 06:59:42PM +, Slavko via Exim-users wrote:
> Why in hell the certificate signed by same (anonymous for me)
> group (understand CA) is considered as secure, but certificate
> signed by my own CA is not ? Only because someone (anonymous
> for me again) decided that these
On Wed, Mar 29, 2023 at 06:59:42PM +, Slavko via Exim-users wrote:
> Verifying name in case of SMTP has another problem -- which
> name to verify? Recipient's domain name? Name from MX? Or
> from PTR? You know they often differ, at least in that that MX
> is subdomain or even totally
On 29/03/2023 17:59, Viktor Dukhovni via Exim-users wrote:
It is (at least in Postfix) also possible
Please note that this mailing list is not focussed on Postfix.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
On 29 March 2023 16:24:22 UTC, Bill Cole via Exim-users
wrote:
>On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
>Kirill Miazine via Exim-users
>is rumored to have said:
>
>> Exactly. The former preventing passive data collection, the latter --
>> active. Still,
On Wed, Mar 29, 2023 at 12:24:22PM -0400, Bill Cole via Exim-users wrote:
> On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
> Kirill Miazine via Exim-users is rumored to have said:
>
> > Exactly. The former preventing passive data collection, the latter --
> > active. Still,
On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
Kirill Miazine via Exim-users
is rumored to have said:
Exactly. The former preventing passive data collection, the latter --
active. Still, if *I* were to state a legal requirement that certain
domains use TLS, I'd also ask
On 29/03/2023 10:40, Slavko via Exim-users wrote:
On 29. 3. at 10:56, Olaf Hopp (SCC) via Exim-users wrote:
decided still to live with 2 pairs of routers and transports
and keep in mind, when I change one of them, I have to change the other one as
well.
And what about include common
The subject line caught my interest.
My mail domain is DNSSEC Signed and I have SSL/TLS Certificates (Let's
Encrypt - which I've automated) that cover it - and have implemented
TLSA records for my mail server a few years back. So if the recipient
SMTP server also happens to have a TLSA DNS
On 29. 3. at 10:56, Olaf Hopp (SCC) via Exim-users wrote:
On 3/28/23 15:59, Mike Tubby via Exim-users wrote:
Jeremy's proposal sounded promising at first look, but after his correction
that I have to use "max_rcpts = 1" and that these are my main routers /
transports
handling ~200k Mails
On 29. 3. at 10:22, Evgeniy Berdnikov via Exim-users wrote:
On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
I understand it might help a little bit to require TLS, but without
verification that a certificate is valid, TLS requirement is not such
a big win, is
On 3/28/23 15:59, Mike Tubby via Exim-users wrote:
Hi Olaf,
outbound_force_tls:
driver = dnslookup
domains = +tls_force_remote_domains
transport = remote_smtp_force_tls
outbound_lookup:
driver = dnslookup
domains = ! +local_domains
• Evgeniy Berdnikov via Exim-users [2023-03-29 11:22]:
> On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
> > I understand it might help a little bit to require TLS, but without
> > verification that a certificate is valid, TLS requirement is not such
> > a big win,
On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
> I understand it might help a little bit to require TLS, but without
> verification that a certificate is valid, TLS requirement is not such
> a big win, is it?
Depends on your aims. Pure encryption is one level of
I understand it might help a little bit to require TLS, but without
verification that a certificate is valid, TLS requirement is not such
a big win, is it?
I too have a transport that would require TLS for certain sending
domains, but I haven't yet required TLS verification, because it often
Hi Olaf,
I had a similar problem several years ago, but had to ensure TLS in and
TLS out to potentially hundreds of domains so implemented it in our mail
relay servers using a MySQL database:
CREATE TABLE `tls_force_remote_domains` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
On 27. 3. at 10:49, Jasen Betts via Exim-users wrote:
On 2023-03-23, Jeremy Harris via Exim-users wrote:
rather than the multi_domain; I'm not certain that there's coding in
the transport to check for all-same-domain when expanding $domain.
It did check the last time that I looked, if
On 2023-03-23, Jeremy Harris via Exim-users wrote:
> On 23/03/2023 16:01, Jeremy Harris via Exim-users wrote:
>> allsmtp:
>> driver = smtp
>> hosts_require_tls = ${if
>> match_domain{$domain}{+domainlist-with-TLS-Domains} {*}{}}
>> multi_domain = false
>
> Actually, better have
>
On 24/03/2023 14:45, Olaf Hopp (SCC) via Exim-users wrote:
Am I missing something ?
The behaviour defined in the docs does not cover your use.
The actual implementation, and behaviour, could change underneath you.
--
Cheers,
Jeremy
On 3/24/23 13:42, Jeremy Harris via Exim-users wrote:
On 24/03/2023 12:28, Olaf Hopp (SCC) via Exim-users wrote:
Do you think "multi_domain = false" is not worth trying ?
Correct.
But seems to work:
<= olafh...@kit.edu
=> f...@example.com ... X=TLS... example.com is the Domain
On 24/03/2023 12:28, Olaf Hopp (SCC) via Exim-users wrote:
Do you think "multi_domain = false" is not worth trying ?
Correct.
--
Cheers,
Jeremy
On 3/23/23 17:19, Jeremy Harris via Exim-users wrote:
On 23/03/2023 16:01, Jeremy Harris via Exim-users wrote:
allsmtp:
driver = smtp
hosts_require_tls = ${if match_domain{$domain}{+domainlist-with-TLS-Domains}
{*}{}}
multi_domain = false
Actually, better have
max_rcpt = 1
rather
On 23/03/2023 16:01, Jeremy Harris via Exim-users wrote:
allsmtp:
driver = smtp
hosts_require_tls = ${if match_domain{$domain}{+domainlist-with-TLS-Domains}
{*}{}}
multi_domain = false
Actually, better have
max_rcpt = 1
rather than the multi_domain; I'm not certain that there's
On 23/03/2023 15:30, Olaf Hopp (SCC) via Exim-users wrote:
router_A:
domains: +domainlist-with-TLS-Domains
transport: tlssmtp
router_B:
domains: *
transport: smtp
tlssmtp:
hosts_require_tls = *
driver = smtp
smtp:
driver smtp
in reality two routers and
Hi,
for legal reasons I have a list of domains, where I *must* send via TLS
Currently, I have two routers and transports:
router_A:
domains: +domainlist-with-TLS-Domains
transport: tlssmtp
router_B:
domains: *
transport: smtp
tlssmtp:
hosts_require_tls =