Re: [exim] TLS interaction problem with Communigate Pro 4.1.…

Author: Marc Sherman
Date:
To: exim-users
Subject: Re: [exim] TLS interaction problem with Communigate Pro 4.1.6
Florian Weimer wrote:
> Communigate Pro (at least in some versions) does not cope very well
> with TLS advertisements. If this server software tries to submit a
> message to one of our hosts (which advertises STARTTLS during EHLO),
> it aborts the delivery attempt during the TLS handshake. The nasty
> part: it immediately retries, at the same MX, leading to the same
> failure, probably until the message has expired from the queue.
>
> Is there some sort of configuration hack that could help to address
> this problem? I don't want to fall back to SSL 3.0 globally (which
> would solve this particular problem), and sender-specific
> configuration is only a last resort.
>
> The messages the remote hosts are trying to deliver aren't important,
> I guess. It's probably just backscatter.


Why allow TLS on port 25 at all? There's not much security value in TLS
for random MTA-MTA traffic. If your users are all using 587 for
submission, you can put:

tls_advertise_hosts = ${if eq{$interface_port}{587}{*}{}}

- Marc
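
Added example, not part of the original message: one way to confirm that a setting like the one above has the intended effect, by checking that STARTTLS is offered in the EHLO reply on port 587 and absent on port 25. The function names, the host mail.example.org and the sample replies are constructed for illustration; probe() performs the live check with Python's smtplib.

```python
import smtplib

# Policy implied by the setting above: advertise STARTTLS on 587 only.
EXPECTED = {25: False, 587: True}

# Constructed sample EHLO replies (not captured from a real server).
SAMPLE_25 = ("250-mail.example.org Hello client.example.net [192.0.2.10]\r\n"
             "250-SIZE 52428800\r\n250-PIPELINING\r\n250 HELP\r\n")
SAMPLE_587 = ("250-mail.example.org Hello client.example.net [192.0.2.10]\r\n"
              "250-SIZE 52428800\r\n250-PIPELINING\r\n"
              "250-AUTH PLAIN LOGIN\r\n250-STARTTLS\r\n250 HELP\r\n")

def ehlo_keywords(raw):
    """Parse a raw multi-line 250 reply to EHLO into its extension keywords."""
    lines = [ln for ln in raw.splitlines() if ln]
    if not lines:
        raise ValueError("empty reply")
    keywords = set()
    for i, ln in enumerate(lines):
        # Continuation lines use "250-", the final line uses "250 ".
        sep = " " if i == len(lines) - 1 else "-"
        if ln[:3] != "250" or ln[3:4] != sep:
            raise ValueError("malformed or truncated EHLO reply: %r" % ln)
        if i == 0:
            continue  # first line is the server's greeting, not an extension
        rest = ln[4:].split()
        if rest:
            keywords.add(rest[0].upper())
    return keywords

def probe(host, port, timeout=10):
    """Live check: connect, send EHLO, report whether STARTTLS is offered."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        return s.has_extn("starttls")

def policy_violations(observed):
    """Compare {port: starttls_offered} with EXPECTED; return mismatches."""
    out = []
    for port, want in sorted(EXPECTED.items()):
        got = observed.get(port)  # None means the port was not checked
        if got is not want:
            out.append((port, want, got))
    return out

if __name__ == "__main__":
    seen = {25: "STARTTLS" in ehlo_keywords(SAMPLE_25),
            587: "STARTTLS" in ehlo_keywords(SAMPLE_587)}
    print(policy_violations(seen) or "advertisement matches policy")
```

Against a running server, build the dictionary with probe("mail.example.org", port) for each port instead of the sample strings.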