Re: [exim] Enforce TLS for outgoing mails

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Renaud Allard
Datum:  
To: Patryk R.
CC: Exim-users
Betreff: Re: [exim] Enforce TLS for outgoing mails


Patryk R. wrote:
> Hello,
>
> I'm sorry if this is a newbie question. I'm trying to enforce TLS for all outgoing 
> messages, my first attempt was to add to acl_check_rcpt:
>    deny    message       = TLS is required
>            domains       = +local_domains
>            condition     = ${if eq{$tls_cipher}{}{yes}{no}}

>
> However this filtered out all incoming messages as well. My second attempt was to modify
> the dnslookup router, because all outgoing messages go through it. Here's how it looks
> like now:
>


You should use "sender_domains = +local_domains" because what you want
is limiting usage of your domains for outgoing mails

Also you can even refine the rule a little bit more by adding
either (if you use IP to determine relaying authorization)
hosts = +relay_from hosts
either (if you use authentication to determine relaying authorization)
authenticated = *