Re: [exim] Should MX offer TLS ?

Top Pagina
Delete this message
Reply to this message
Auteur: Ian Eiloart
Datum:  
Aan: Exim Mailing List
Onderwerp: Re: [exim] Should MX offer TLS ?


--On 6 November 2007 20:09:05 -0500 Dean Brooks <dean@???> wrote:

>
> As such, I use "hosts_avoid_tls = *" on all my remote SMTP transports
> for outbound traffic, and I have set "tls_advertise_hosts" global
> option to only advertise if the incoming port is 587 or if customer
> is submitting to one of our special submission-only addresses.


Likewise. In fact, we separate our MX and MSA IP addresses. We require TLS
and smtp auth on port 25 and 587 on the MSA addresses - except for some IP
addresses on campus. It's sensible to allow people to use port 25, since
some don't know how to use 587. However, we advise everyone to use 587.

We offer TLS on the MX address, for those that wish to use it, though we
recognise that the security benefits are marginal.

We won't accept MAIL FROM our domains on the MX addresses unless TLS and
smtp auth are used, or a message header indicates that the message was
originally submitted through our servers. This ensures that our "internal"
email is virtually spam free.

--
Ian Eiloart
IT Services, University of Sussex
x3148