Re: [exim] Should MX offer TLS ?

Author: Ian Eiloart
Date:  
To: Exim Mailing List
Subject: Re: [exim] Should MX offer TLS ?


--On 6 November 2007 20:09:05 -0500 Dean Brooks <dean@???> wrote:

>
> As such, I use "hosts_avoid_tls = *" on all my remote SMTP transports
> for outbound traffic, and I have set "tls_advertise_hosts" global
> option to only advertise if the incoming port is 587 or if customer
> is submitting to one of our special submission-only addresses.


Likewise. In fact, we separate our MX and MSA IP addresses. We require TLS
and SMTP auth on ports 25 and 587 on the MSA addresses - except for some IP
addresses on campus. It's sensible to allow people to use port 25, since
some don't know how to use 587. However, we advise everyone to use 587.

We offer TLS on the MX address, for those that wish to use it, though we
recognise that the security benefits are marginal.

We won't accept MAIL FROM our domains on the MX addresses unless TLS and
SMTP auth are used, or a message header indicates that the message was
originally submitted through our servers. This ensures that our "internal"
email is virtually spam-free.

--
Ian Eiloart
IT Services, University of Sussex
x3148
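
The split MX/MSA policy described in the message above, sketched as an Exim configuration fragment. This is an added example, not the poster's or the Exim project's own configuration. The macros, addresses (documentation ranges), `campus_hosts` list, `example.ac.uk` domain and `X-Example-Submitted` header name are all assumptions made for illustration.

```exim
# --- main section (constructed values throughout) ---
MX_ADDR  = 192.0.2.25
MSA_ADDR = 192.0.2.87

domainlist local_domains = example.ac.uk
hostlist   campus_hosts  = 198.51.100.0/24

local_interfaces    = MX_ADDR : MSA_ADDR
daemon_smtp_ports   = 25 : 587
tls_advertise_hosts = *              # TLS is offered on the MX address too

acl_smtp_mail = acl_check_mail
acl_smtp_data = acl_check_data

begin acl

acl_check_mail:
  # Connections to the MX address are judged in the DATA ACL, once
  # the message headers are available.
  accept  condition      = ${if eq{$received_ip_address}{MX_ADDR}}
  # MSA address, port 25 or 587: listed campus hosts are exempt ...
  accept  hosts          = +campus_hosts
  # ... everyone else must have negotiated TLS and authenticated.
  deny    message        = TLS is required on this address
          !encrypted     = *
  deny    message        = SMTP authentication is required on this address
          !authenticated = *
  accept

acl_check_data:
  # The rule below applies to the MX address only.
  accept  condition       = ${if !eq{$received_ip_address}{MX_ADDR}}
  # Senders outside our own domains are not affected by it.
  accept  !sender_domains = +local_domains
  # A sender in our domains is accepted over TLS with SMTP AUTH ...
  accept  encrypted       = *
          authenticated   = *
  # ... or when the (hypothetical) marker header is present. A bare header
  # can be forged by any sender, so its value needs to be something the
  # MX can verify; the message above does not say how that is done.
  accept  condition       = ${if def:h_X-Example-Submitted:{yes}{no}}
  deny    message         = Mail from our domains must be submitted via the MSA
```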