On Sunday, April 29, 2012 at 01:08:50 UTC, Jack.Toering@??? confabulated:
> It works fine now for voluntary TLS mail submission. What do I have to do
> to make it mandatory? With all of the mobile devices these days, this
> should be the most asked question on the list. Users are giving away their
> user name and password all day long at hot spots in coffee shops and
> airports if they are not forced to use TLS like all of the large E-mail
> services require these days.
Here's what I use. It accepts connections from hosts the server relays
for, connections on port 25, and encrypted connections.
Connections to any other enabled port must have TLS enabled.
Otherwise, they get dropped.
...
acl_smtp_auth = acl_check_auth
...
acl_check_auth:
...
  accept  hosts       = +relay_from_hosts
  accept  condition   = ${if eq{$received_port}{25}}
  accept  encrypted   = *
  drop    message     = Your connection must be encrypted.
          log_message = Connection from \
                        [$sender_host_address]($authenticated_id) was \
                        not encrypted.
...
--
If at first you don't succeed...
...so much for skydiving.
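
Added example, not part of the original message and not code from the poster or the Exim project: a Python check an administrator can run against their own server to confirm that AUTH sent before STARTTLS is refused on a given port. The names cleartext_auth_refused, check_port and ReplaySession are hypothetical, the replayed replies are constructed, and the probe assumes the server offers the PLAIN mechanism.

```python
import base64
import smtplib

# Reply codes showing the server processed AUTH instead of refusing it:
# 235 = accepted, 334 = challenge issued, 535 = credentials rejected.
AUTH_PROCESSED = {235, 334, 535}
# Constructed dummy credentials; only the reply code matters.
PROBE = base64.b64encode(b"\0probe\0not-a-real-password").decode()


def cleartext_auth_refused(conn):
    """True if AUTH sent before STARTTLS is refused or the session is dropped."""
    conn.ehlo()
    try:
        code, _ = conn.docmd("AUTH", "PLAIN " + PROBE)
    except smtplib.SMTPServerDisconnected:
        return True  # the server closed the connection, as a 'drop' does
    return code not in AUTH_PROCESSED


def check_port(host, port, timeout=10):
    """Run the probe against a live server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        return cleartext_auth_refused(conn)


class ReplaySession:
    """Constructed stand-in for smtplib.SMTP that replays one AUTH reply."""

    def __init__(self, auth_reply):
        self.auth_reply = auth_reply  # (code, text), or None for a dropped link

    def ehlo(self):
        return (250, b"mail.example.test")

    def docmd(self, cmd, args=""):
        if self.auth_reply is None:
            raise smtplib.SMTPServerDisconnected("connection closed")
        return self.auth_reply


if __name__ == "__main__":
    # Constructed replies: a refusal, then a server that evaluated the login.
    refused = ReplaySession((550, b"Your connection must be encrypted."))
    processed = ReplaySession((535, b"Incorrect authentication data"))
    print("refusal reply   ->", cleartext_auth_refused(refused))
    print("processed reply ->", cleartext_auth_refused(processed))
```

With the ACL above, a port other than 25 should report True for a client outside relay_from_hosts, while port 25 is accepted by the second rule and is not covered by the encryption requirement.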