Re: [exim] STARTTLS before EHLO?

Author: W B Hacker
Date:  
To: exim-users
Subject: Re: [exim] STARTTLS before EHLO?
Heiko Schlittermann wrote:

> Hello,
>
> should exim support receiving a STARTTLS *before* receiving an EHLO?


*trim*

It does do so.

That is the 'legacy' ssl mode AKA 'tls_on_connect'


One may elect to offer it on selected ports in a manner such as:

local_interfaces = <your server IP>

daemon_smtp_ports = 25 : <others> : 465 : 587

tls_on_connect_ports = 465 : 587

- leaving one or more submission ports 'modern' TLS (negotiated)
and one or more 'forced' SSL/TLS.

Depending on your mix of clientele and phase-out/upgrade of
their MUAs, you may wish to use the now-standard TLS on the
'proper' ports and the obsolescent SSL (tls_on_connect) on
non-standard ports. Many older MUAs that cannot 'DO' TLS
negotiation can at least accept an arbitrary port.

Some modern MUAs no longer have SSL / tls_on_connect - just TLS
or en-clair.

In any case, do NOT set port 25 to tls_on_connect // SSL

Though that might be a very effective anti-spam measure, simply
powering-off the server is quieter and 'greener'.... ;-)

HTH,

Bill Hacker
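A small checker for the port layout described in the post above. This is an added example, not code from the post or from Exim: it parses Exim-style string lists (the default ':' separator, a leading '<sep' override, and '::' as a literal colon) and then applies the two rules stated above, namely that every tls_on_connect_ports entry must also appear in daemon_smtp_ports and that port 25 must never be TLS-on-connect. The sample values are constructed.

```python
"""Sanity-check an Exim daemon_smtp_ports / tls_on_connect_ports pairing."""


def parse_exim_list(value):
    """Split an Exim string list into its items.

    The default separator is ':'; a leading '<X' switches it to X.
    With the default separator, '::' is an escaped literal colon
    (as Exim requires for IPv6 addresses in local_interfaces).
    """
    value = value.strip()
    sep = ":"
    if value.startswith("<") and len(value) > 1:
        sep = value[1]
        value = value[2:]
    if sep != ":":
        return [p.strip() for p in value.split(sep) if p.strip()]
    items, cur, i = [], "", 0
    while i < len(value):
        if value[i] == ":" and value[i + 1:i + 2] == ":":
            cur += ":"          # escaped colon, keep it literally
            i += 2
            continue
        if value[i] == ":":
            items.append(cur)   # separator: close the current item
            cur = ""
        else:
            cur += value[i]
        i += 1
    items.append(cur)
    return [p.strip() for p in items if p.strip()]


def check_tls_ports(daemon_smtp_ports, tls_on_connect_ports):
    """Return the list of problems found (empty list means the layout is sane)."""
    smtp = set(parse_exim_list(daemon_smtp_ports))
    tls = set(parse_exim_list(tls_on_connect_ports))
    problems = []
    if "25" in tls:
        problems.append("port 25 must stay STARTTLS, not tls_on_connect")
    for port in sorted(tls - smtp, key=int):
        problems.append(f"tls_on_connect port {port} is not in daemon_smtp_ports")
    return problems


if __name__ == "__main__":
    # Constructed values mirroring the layout recommended in the post.
    print(check_tls_ports("25 : 465 : 587", "465 : 587"))        # []
    print(check_tls_ports("25 : 587", "25 : 465"))               # two problems
```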