[exim] Restrict email relay to TLS

Author: 3YSTech Services
Date:  
To: Exim-users
Subject: [exim] Restrict email relay to TLS
Hi,

I am trying to secure my EXIM servers, and was wondering how I can accomplish
the following:

- Restrict email relay to TLS and reject non-TLS connections.

- Use port 587 for client TLS connections back to VIP then to servers.

- Restrict mail inflow to port 25 and 465 if possible.


*Current Setup:*

- I do relay by IP and have VIP SSL installed locally on each EXIM server.

- I connect from Linux clients using mailx -S smtp-use-starttls.

- I have tried all the settings below and EXIM still relays email without TLS:

daemon_smtp_ports    = 25 : 465 : 587
tls_advertise_hosts  = *
tls_on_connect_ports = 465 : 587



auth_advertise_hosts = localhost : ${if eq{$tls_cipher}{}{no}{*}}
server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}
hosts_require_tls = *


acl_check_rcpt:

deny ! hosts         =  : +relay_from_hosts
     ! authenticated = *



Your response is appreciated.

Thanks
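
One way to enforce the TLS-only relay asked about above, as an added example that is not part of the original post and has not been run on the poster's servers. It assumes a stock Exim 4 configuration in which `acl_smtp_rcpt = acl_check_rcpt` is set and the `local_domains` domainlist and `relay_from_hosts` hostlist are defined; the message texts are illustrative.

```exim
# --- main configuration section ---
daemon_smtp_ports    = 25 : 465 : 587
tls_advertise_hosts  = *
# Only 465 is TLS-on-connect. 587 stays out of this list so that
# STARTTLS clients (mailx -S smtp-use-starttls) can negotiate TLS there.
tls_on_connect_ports = 465
# Offer AUTH only after the session is encrypted.
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

# hosts_require_tls is an option of the smtp transport and governs
# outbound deliveries; it does not restrict inbound clients.
# Inbound enforcement is done in the RCPT ACL below.

# --- ACL section ---
acl_check_rcpt:

  # Relay attempt (recipient is not in local_domains) over cleartext:
  # refuse, even for hosts listed in relay_from_hosts.
  deny    message       = TLS is required to relay through this server
          !domains      = +local_domains
          !encrypted    = *

  # Port 587 is for submission: require TLS for every recipient there.
  deny    message       = STARTTLS is required on port 587
          condition     = ${if eq{$received_port}{587}}
          !encrypted    = *

  # Relay is accepted only on encrypted sessions, from permitted hosts
  # or from authenticated clients.
  accept  hosts         = +relay_from_hosts
          encrypted     = *
  accept  authenticated = *
          encrypted     = *

  # ... the rest of the existing acl_check_rcpt continues here ...
```

A cleartext session simulated with `exim -bh <client-ip>` and a remote recipient should be refused at RCPT with the first deny message.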