Re: [exim] Enforce TLS for outgoing mails

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Phil Pennock
Date:  
À: Patryk R.
CC: Exim-users
Sujet: Re: [exim] Enforce TLS for outgoing mails
On 2008-07-07 at 14:03 +0200, Patryk R. wrote:
> Hello,
>
> I'm sorry if this is a newbie question. I'm trying to enforce TLS for all outgoing 
> messages, my first attempt was to add to acl_check_rcpt:
>    deny    message       = TLS is required
>            domains       = +local_domains
>            condition     = ${if eq{$tls_cipher}{}{yes}{no}}


These ACLs are only for in-bound.

> However this filtered out all incoming messages as well. My second attempt was to modify
> the dnslookup router, because all outgoing messages go through it. Here's how it looks
> like now:


The $tls_cipher variable only refers to the outbound state once a
connection has been established, ie during the *Transport*, one with an
smtp driver.

> Despite this setting I'm still allowed to send mail without using TLS. What am I doing
> wrong? Any help appreciated.


On the "remote_smtp" transport, add:
hosts_require_tls = *

-Phil