On 12 Aug 2013, at 05:00, Phil Pennock <exim-users@???> wrote:
> On 2013-08-11 at 23:14 +0100, Michael J. Tubby B.Sc G8TIC wrote:
>> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html
>>
>>
>> Then you can use the $tls_cipher variable which is set to the name of
>> the cipher in use, or null on clear connections, as part of the HELO ACL
>> to simply return a message to the connected host that says something to
>> the effect of:
>>
>> 554 You must say STARTTLS to use an encrypted session
>>
>> in return to a HELO/EHLO on a clear session...
>
> Almost, but not quite.
>
> Remember, SMTP/TLS starts with a cleartext server banner, the client
> sending EHLO and then looking for STARTTLS in the extended response,
> before initiating TLS.
>
> Instead, you want an ACL on MAIL or RCPT (or DATA, etc) which prohibits
> the message unless $tls_cipher is defined.
>
> But otherwise, yes.
>
> -Phil
You may wish to wait for RCPT, so that you can accept unencrypted email to postmaster@…, so that you can explain. On the other hand, that would permit gathering of (at least one) recipient email addresses, for each message.
There isn't a way of enforcing encryption of the sender address, since you can't test for encryption before the MAIL FROM command is issued. Still, at least all that the feds would get would be email addresses of people who have tried and failed to send email to you.
You could require SSL on connect, but you'll lose all email except submissions from your users, and there's little benefit there because most (a) most mail clients will encrypt by default if they can, and (b) your users aren't likely to persist making unencrypted connections that they can't use.
For what it's worth, less than a third of our inbound smtp connections so far today used TLS. That's a lot of email to reject, given that many senders will have no control over this.
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
