On 2008-07-07 at 14:03 +0200, Patryk R. wrote:
> Hello,
>
> I'm sorry if this is a newbie question. I'm trying to enforce TLS for all outgoing
> messages, my first attempt was to add to acl_check_rcpt:
> deny message = TLS is required
>      domains = +local_domains
>      condition = ${if eq{$tls_cipher}{}{yes}{no}}

These ACLs are only for in-bound.

> However this filtered out all incoming messages as well. My second attempt was to modify
> the dnslookup router, because all outgoing messages go through it. Here's what it looks
> like now:

The $tls_cipher variable only refers to the outbound state once a
connection has been established, i.e. during the *Transport*, one with an
smtp driver.

> Despite this setting I'm still allowed to send mail without using TLS. What am I doing
> wrong? Any help appreciated.

On the "remote_smtp" transport, add:

  hosts_require_tls = *

-Phil
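
Added example, not part of the original thread: a Python check that scans an Exim main log for deliveries made by the remote_smtp transport without TLS, which should stop appearing once hosts_require_tls = * is set on that transport. The log lines are constructed, and the script assumes the default log line layout with the tls_cipher log selector enabled, so that encrypted deliveries carry an X= field.

```python
import re

# Constructed sample of Exim main log lines (hosts and message ids are made up).
SAMPLE_LOG = """\
2008-07-07 14:10:01 1KFpQR-0001aB-2C <= alice@example.com H=client.example.com [192.0.2.5] P=esmtpsa X=TLSv1:AES256-SHA:256 S=1204
2008-07-07 14:10:02 1KFpQR-0001aB-2C => bob@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.10] X=TLSv1:AES256-SHA:256
2008-07-07 14:10:02 1KFpQR-0001aB-2C -> carol@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.10] X=TLSv1:AES256-SHA:256
2008-07-07 14:11:40 1KFpRT-0001aF-9X => dave@example.net R=dnslookup T=remote_smtp H=mail.example.net [192.0.2.20]
2008-07-07 14:12:05 1KFpRU-0001aH-1Z => eve <eve@example.com> R=localuser T=local_delivery
2008-07-07 14:12:05 1KFpRU-0001aH-1Z Completed
"""

# "=>" is a delivery, "->" an additional address in the same delivery.
# Arrival lines ("<=") describe the inbound connection and are skipped.
DELIVERY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) (?:=>|->) (?P<rest>.*)$"
)


def field(rest, name):
    """Return the value of a NAME=value log field, or None if it is absent."""
    m = re.search(r"(?:^| )%s=(\S+)" % re.escape(name), rest)
    return m.group(1) if m else None


def cleartext_deliveries(log_text, transport="remote_smtp"):
    """List (timestamp, message id, recipient, host) for deliveries made by
    the given transport whose log line has no X= (TLS cipher) field."""
    hits = []
    for line in log_text.splitlines():
        m = DELIVERY.match(line)
        if not m:
            continue
        rest = m.group("rest")
        if field(rest, "T") != transport:
            continue  # local deliveries never have a TLS session
        if field(rest, "X") is None:
            recipient = rest.split(" ", 1)[0]
            hits.append((m.group("ts"), m.group("id"), recipient, field(rest, "H")))
    return hits


if __name__ == "__main__":
    for ts, msg_id, rcpt, host in cleartext_deliveries(SAMPLE_LOG):
        print("%s %s delivered to %s via %s without TLS" % (ts, msg_id, rcpt, host))
```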