On Sunday, April 29, 2012 at 01:08:50 UTC, Jack.Toering@??? confabulated:

> It works fine now for voluntary TLS mail submission. What do I have to do
> to make it mandatory? With all of the mobile devices these days, this
> should be the most asked question on the list. Users are giving away their
> user name and password all day long at hot spots in coffee shops and
> airports if they are not forced to use TLS like all of the large E-mail
> services require these days.

Here's what I use. It accepts connections from hosts the server relays
for, connections on port 25, and encrypted connections. Connections to
any other enabled port must have TLS enabled. Otherwise, they get
dropped.

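# Main configuration section: name the ACL that runs for each AUTH command.
acl_smtp_auth = acl_check_auth

# ACL section (after "begin acl"):
acl_check_auth:
  # Hosts the server relays for may use AUTH without TLS.
  accept  hosts         = +relay_from_hosts
  # Port 25 is exempt from the TLS requirement.
  accept  condition     = ${if eq{$received_port}{25}}
  # Any TLS-protected session may use AUTH.
  accept  encrypted     = *
  # Everything else: refuse AUTH and close the connection.
  drop    message       = Your connection must be encrypted.
          log_message   = Connection from \
                          [$sender_host_address]($authenticated_id) was \
                          not encrypted.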

If at first you don't succeed... much for skydiving.
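
To confirm that an ACL like the one in this reply is actually enforced, the following added example (not part of the original message, and not Exim's own tooling) sends a bare `AUTH PLAIN` with no credentials over an unencrypted session and checks that the server refuses it. Run it from a host outside `relay_from_hosts`; the default port 587 and the HELO name `probe.example` are assumptions.

```python
import smtplib
import sys

def classify_auth_reply(code):
    """Verdict for the server's reply to an AUTH command sent without TLS."""
    if code == 334:          # SASL challenge: server would take credentials in the clear
        return "FAIL"
    if 500 <= code <= 599:   # refused, e.g. by the ACL's drop, or 503 AUTH not offered
        return "PASS"
    return "UNKNOWN"

def probe_cleartext_auth(host, port, timeout=10):
    """Issue 'AUTH PLAIN' without STARTTLS. No user name or password is sent."""
    # local_hostname is a constructed HELO name (assumption).
    smtp = smtplib.SMTP(local_hostname="probe.example", timeout=timeout)
    try:
        smtp.connect(host, port)
        smtp.ehlo()
        advertised = "auth" in smtp.esmtp_features
        try:
            code, text = smtp.docmd("AUTH", "PLAIN")
        except smtplib.SMTPServerDisconnected:
            # Connection closed without a reply: AUTH was not accepted.
            return {"advertised": advertised, "code": None, "verdict": "PASS"}
        if code == 334:
            smtp.docmd("*")  # cancel the SASL exchange instead of answering it
        return {"advertised": advertised, "code": code,
                "text": text.decode("latin-1"),
                "verdict": classify_auth_reply(code)}
    finally:
        smtp.close()

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 587  # assumed submission port
    result = probe_cleartext_auth(sys.argv[1], port)
    print(result)
    sys.exit(0 if result["verdict"] == "PASS" else 1)
```

A `PASS` with `advertised` still true means AUTH is refused in cleartext but is still offered before STARTTLS, so a misconfigured client may try it anyway.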