Re: [exim] How can I require TLS for mail submission?

Author: Duane Hill
Date:  
To: Exim-users
Subject: Re: [exim] How can I require TLS for mail submission?
On Sunday, April 29, 2012 at 01:08:50 UTC, Jack.Toering@??? confabulated:

> It works fine now for voluntary TLS mail submission. What do I have to do
> to make it mandatory? With all of the mobile devices these days, this
> should be the most asked question on the list. Users are giving away their
> user name and password all day long at hot spots in coffee shops and
> airports if they are not forced to use TLS like all of the large E-mail
> services require these days.


Here's what I use. It accepts connections from hosts the server relays
for, connections on port 25, and encrypted connections. Connections to
any other enabled port must have TLS enabled. Otherwise, they get
dropped.


...
acl_smtp_auth = acl_check_auth
...
acl_check_auth:
...
  accept  hosts         = +relay_from_hosts
  accept  condition     = ${if eq{$received_port}{25}}
  accept  encrypted     = *
  drop    message       = Your connection must be encrypted.
          log_message   = Connection from \
                          [$sender_host_address]($authenticated_id) was \
                          not encrypted.
...


--
If at first you don't succeed...
...so much for skydiving.
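
Added example, not part of the original message: once the ACL above is live, a short script over the Exim main log shows which clients are still attempting AUTH without TLS, keyed on the log_message text from the drop statement. Assumptions: the function name `summarize` is hypothetical, the sample lines are constructed, and the "H=... rejected AUTH" prefix is illustrative; only the leading timestamp and the message text are matched.

```python
import re

# Matches the ACL's log_message after Exim joins the continued lines:
#   Connection from [$sender_host_address]($authenticated_id) was not encrypted.
# The parenthesised id may be empty. The timestamp is the leading field.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*"
    r"Connection from \[(?P<ip>[0-9A-Fa-f:.]+)\]\((?P<id>[^)]*)\) was not encrypted\."
)

# Constructed sample input (documentation address ranges). Text between the
# timestamp and the message is an assumed prefix and is not parsed.
SAMPLE_LOG = """\
2012-04-29 01:10:02 H=(phone) [203.0.113.7] rejected AUTH PLAIN: Connection from [203.0.113.7]() was not encrypted.
2012-04-29 01:10:40 H=(phone) [203.0.113.7] rejected AUTH LOGIN: Connection from [203.0.113.7]() was not encrypted.
2012-04-29 01:12:15 H=(laptop) [2001:db8::25] rejected AUTH PLAIN: Connection from [2001:db8::25]() was not encrypted.
2012-04-29 01:13:00 Start queue run: pid=1234
"""


def summarize(log_text):
    """Return {client_ip: {"count", "first", "last", "ids"}} for dropped
    unencrypted AUTH attempts. Lines are assumed to be in time order."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # unrelated log line
        entry = stats.setdefault(
            m["ip"],
            {"count": 0, "first": m["ts"], "last": m["ts"], "ids": set()},
        )
        entry["count"] += 1
        entry["last"] = m["ts"]
        if m["id"]:
            entry["ids"].add(m["id"])
    return stats


if __name__ == "__main__":
    # Print the noisiest clients first so they can be reconfigured for TLS.
    ranked = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for ip, e in ranked:
        print(f"{ip}\t{e['count']}\t{e['first']}\t{e['last']}")
```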