Re: [Exim] TLS versus SMTPS

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Matt Bernstein
Dátum:  
Címzett: James P. Roberts
CC: exim-users
Tárgy: Re: [Exim] TLS versus SMTPS
On Dec 8 James P. Roberts wrote:

>(1) upgrade from Exim 4.02 so I can use --tls-on-connect on port 465, instead
>of going through Stunnel. If I do this, will $tls_cipher be non-blank? Or is
>there another way to validate that the connection is encrypted, when using
>smtps?


Yes, yes and NULL. Off the top of my head:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{localhost}{*}}
tls_advertise_hosts = *

RCPT ACL:

accept hosts = :

  accept  local_parts = postmaster : abuse
          domains = +local_domains : +relay_domains


accept authenticated = *

    [other "policy" stuff here]


accept domains = +local_domains : +relay_domains

  deny    sender_domains = +local_domains : +relay_domains
          encrypted = *
          message = SMTP authentication required


  deny    sender_domains = +local_domains : +relay_domains
          message = TLS/SSL encryption and SMTP authentication required


  deny      message = relaying not permitted


AUTH ACL:

accept encrypted = *

accept condition = ${if eq{${uc:$smtp_command_argument}}{CRAM-MD5}{yes}{no}}

# maybe include SPA too..

accept hosts = localhost

  deny    message = STARTTLS required before plaintext AUTH