Re: [exim] STARTTLS before EHLO?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: W B Hacker
Datum:  
To: exim-users
Betreff: Re: [exim] STARTTLS before EHLO?
Heiko Schlittermann wrote:

> Hello,
>
> should exim support receiving a STARTTLS *before* receiving an EHLO?


*trim*

It does do so.

That is the 'legacy' ssl mode AKA 'tls_on_connect'


One may elect to offer it on selected ports in a manner such as:

local_interfaces = <your server IP>

daemon_smtp_ports = 25 : <others> : 465 : 587

tls_on_connect_ports = 465 : 587

- leaving one or more submission ports 'modern' TLS (negotiated)
and one or more 'forced' SSL/TLS.

Depending on your mix of clientele and phase-out/upgrade of
their MUA's, you may wish to use the now-standard TLS on the
'proper' ports and the obsolescent SSL (tls_on_connect) on
non-standard ports. Many older MUA's that canot 'DO' TLS
negotiation, can accept at least acccept an arbitrary port.

Some modern MUA no longer have SSL / tls_on_connect - just TLS
or en-clair.

In any case, do NOT set port 25 to tls_on_connect // SSL

Though that might be a very effective anti-spam measure, simply
powering-off the server is quieter and 'greener'.... ;-)

HTH,

Bill Hacker