Re: [exim] deny non-encrypted client connections (smarthost)

Góra strony
Delete this message
Reply to this message
Autor: Ian Eiloart
Data:  
Dla: Neustadt
CC: exim-users
Temat: Re: [exim] deny non-encrypted client connections (smarthost)

On 22 Aug 2013, at 22:01, Neustadt <neustadt@???>
wrote:

> I would like to know if there is a way to deny non encrypted connections when exim connects as a client to a smtp-relay/smarthost.


As others have said, hosts_require_TLS = * will do this. However, that may leave you unable to connect to many hosts. Messages for any host that does not advertise STARTTLS will not be delivered.

You may be OK with that, but it's also worth knowing that Exim will, by default, use TLS if it's advertised. However, if the TLS setup doesn't work, then Exim will fall back to unencrypted delivery. You can prevent that fallback by setting tls_tempfail_tryclear to true: if the recipient's MX servers *all* advertise STARTTLS, then you'll get an encrypted delivery (if the TLS is working on one of the hosts) or none at all.

--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148