Re: [exim] EXIM4 - Secure SMTP - Ubuntu 12.04 and CentOS 6.x…

Author: Phil Pennock
Date:
To: Michael J. Tubby B.Sc G8TIC
CC: exim-users, DLSauers
Subject: Re: [exim] EXIM4 - Secure SMTP - Ubuntu 12.04 and CentOS 6.x AMD64
On 2013-08-11 at 23:14 +0100, Michael J. Tubby B.Sc G8TIC wrote:
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html
>
>
> Then you can use the $tls_cipher variable which is set to the name of
> the cipher in use, or null on clear connections, as part of the HELO ACL
> to simply return a message to the connected host that says something to
> the effect of:
>
>     554 You must say STARTTLS to use an encrypted session
>
> in return to a HELO/EHLO on a clear session...


Almost, but not quite.

Remember, SMTP/TLS starts with a cleartext server banner, the client
sending EHLO and then looking for STARTTLS in the extended response,
before initiating TLS.

Instead, you want an ACL on MAIL or RCPT (or DATA, etc) which prohibits
the message unless $tls_cipher is defined.

But otherwise, yes.

-Phil
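
Added example, not part of the original message or the Exim distribution: a configuration sketch of the ACL placement the reply describes, with the HELO placement from the quoted text left commented out beside it for comparison. The ACL names `acl_check_helo` and `acl_check_mail` and the certificate paths are assumptions; a Debian/Ubuntu split configuration lays these sections out differently.

```exim
# Added example. ACL names and file paths below are placeholders.

# --- main configuration section ---
# STARTTLS must be advertised in the EHLO response, or no client can upgrade.
tls_advertise_hosts = *
# Placeholder paths: substitute the real certificate and key.
tls_certificate = /path/to/cert.pem
tls_privatekey = /path/to/key.pem

acl_smtp_mail = acl_check_mail

begin acl

# HELO placement (from the quoted suggestion), kept commented out.
# The first EHLO of every session arrives in cleartext, so this deny would
# fire before the client has seen STARTTLS in the EHLO response, and no
# session would ever reach the TLS upgrade.
#
# acl_check_helo:
#   deny    message   = You must say STARTTLS to use an encrypted session
#           condition = ${if !def:tls_cipher}
#   accept

# MAIL placement (from the reply). Banner, EHLO and STARTTLS proceed as
# normal; the check runs at MAIL FROM, by which point a TLS-capable client
# has already upgraded and $tls_cipher is non-empty.
# Later Exim releases name this variable $tls_in_cipher and keep
# $tls_cipher as an alias.
acl_check_mail:
  deny    message   = You must say STARTTLS to use an encrypted session
          condition = ${if !def:tls_cipher}
  accept
```

After a reload, a cleartext test session should still receive the banner and a full EHLO response listing STARTTLS, and be refused only at MAIL FROM.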