On 2013-08-08, DLSauers <dlsauers-KCdx8pmSnIVBDgjK7y7TUQ@???> wrote:
> Looking to secure things up... and I want to ensure that all inbound
> email is secured.
>
> So is it possible to set up EXIM4 on Ubuntu 12.04 and CentOS 6.x to use
> SECURE SMTP *ONLY*!
>
> Thus all connections to the SMTP server would be encrypted... YES this
> probably means a 90%+ ELIMINATION in servers that can email the domains
> set up on such a server, oh well, so sad. You don't need to email me then!
>
> I want security, SECURITY! SECURITY! Encrypted "meta data" connection,
> thus snooping is slowed down unless certain alphabets want to brute force
> it and put those Crays in UT to work! POP3 and IMAP with SSL/TLS are
> already implemented... Secure drives are being implemented, and physical
> control changes are being made too. Yes, the servers are moving off US
> soil and weak jurisdictions.
>
> If there is a way that a non secure connection can be told to "Sorry
> stupid server, you need to try it securely!" and/or send back a
> message... Sorry! This server requires a SSL/TLS connection to send
> email! Please configure your server thusly, and try again! Or don't
> bother!"
  # Wire this ACL in from the main section with:  acl_smtp_mail = acl_mail
  # Every MAIL FROM is then refused unless the session is already under TLS.
  acl_mail:
    require
      message   = Sorry! This server requires a SSL/TLS connection to send \
                  email! Please configure your server thusly, and try again! Or don't \
                  bother!
      encrypted = *

perhaps also these?

    # verify = certificate needs tls_verify_certificates (and tls_verify_hosts
    # or tls_try_verify_hosts) set in the main section, or it can never pass.
    require
      message   = you need a real TLS cert
      verify    = certificate
      # Caveat: $tls_bits (renamed $tls_in_bits in newer Exim) is the negotiated
      # cipher's bit strength, e.g. 128 or 256, not the certificate key size,
      # so a 2048 threshold here rejects every session.
      message   = you need a stronger TLS cert
      condition = ${if >= {$tls_bits}{2048}}
> Simply quit listening on Port 25? ? And only on 465 ????
465 is deprecated (if the RFCs are to be believed)
> Lots of HOWTO: on enabling SSL/TLS, but it appears from these that NON
> SSL/TLS is still possible and that the initial connection may be
> UNSECURE! ! ! BZZT!!!!
What's the problem with using plaintext before STARTTLS? Nothing is
exposed that can't be found using a reverse lookup, probing, or a whois
lookup.
--
⚂⚃ 100% natural
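A way to confirm from the outside that the ACL in this reply really refuses cleartext submission, added here as an example and not part of the thread: it sends EHLO and MAIL FROM to the server without STARTTLS and expects the permanent rejection the ACL is meant to return. The host and sender address are placeholders, and the reply classification is kept separate so it can be exercised without a network.

```python
"""Added example: verify that a mail server enforces a TLS-only MAIL policy.

A server running the acl_mail ACL above should advertise STARTTLS in EHLO
and answer a cleartext MAIL FROM with a 5xx rejection. Hostname and sender
used in probe() are assumed placeholders."""
import smtplib


def classify(ehlo_features, mail_code):
    """Classify the server's handling of MAIL FROM sent before STARTTLS.

    ehlo_features: dict of EHLO keywords as smtplib stores them (lower-case
    keys, e.g. {'starttls': '', 'size': '52428800'}).
    mail_code: numeric SMTP reply code to the cleartext MAIL FROM.
    Returns 'enforced', 'cleartext-accepted', 'tls-not-offered' or
    'other-error'.
    """
    if 'starttls' not in ehlo_features:
        # The ACL would reject everyone, since no client could ever encrypt.
        return 'tls-not-offered'
    if 200 <= mail_code < 300:
        # MAIL FROM accepted in the clear: the policy is not in effect.
        return 'cleartext-accepted'
    if 500 <= mail_code < 600:
        # Permanent rejection, which is what the require/encrypted ACL gives.
        return 'enforced'
    # 4xx or anything else: temporary failure, not evidence either way.
    return 'other-error'


def probe(host, port=25, sender='postmaster@example.invalid', timeout=10):
    """Live check against your own server (needs network access).

    Deliberately issues MAIL FROM *without* calling starttls() so that the
    encrypted = * condition in the ACL should fail and reject the command.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        conn.ehlo()
        code, _msg = conn.mail(sender)
        return classify(conn.esmtp_features, code)


if __name__ == '__main__':
    # Assumed placeholder hostname; replace with the server under test.
    print(probe('mail.example.invalid'))
```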