Hi,
I am trying to secure my EXIM servers and was wondering how I can accomplish
the following:
- Restrict email relay to TLS and reject non-TLS connections.
- Use port 587 for client TLS connections back to VIP then to servers.
- Restrict mail inflow to port 25 and 465 if possible.
*Current Setup:*
- I do relay by IP and have VIP SSL installed locally on each EXIM server.
- I connect from Linux clients using mailx -S smtp-use-starttls.
- I have tried all settings below and EXIM still relays email without TLS:
daemon_smtp_ports = 25 : 465 : 587
tls_advertise_hosts = *
tls_on_connect_ports = 465 : 587
auth_advertise_hosts = localhost : ${if eq{$tls_cipher}{}{no}{*}}
server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}
hosts_require_tls = *
acl_check_rcpt:
  deny    ! hosts         = : +relay_from_hosts
          ! authenticated = *
Your response is appreciated.
Thanks
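
One way to enforce the goals listed in the post, as an added example that is not part of the original message: relaying is refused in the RCPT ACL unless the session is encrypted, and only port 465 is treated as TLS-on-connect. It assumes the stock `local_domains` domain list and that the two `deny` statements are placed ahead of the existing statements in `acl_check_rcpt`.

```exim
# --- main configuration section (constructed example) ---
daemon_smtp_ports    = 25 : 465 : 587
tls_advertise_hosts  = *

# Only 465 is implicit TLS. Port 587 starts in cleartext and is upgraded by
# the client with STARTTLS, which is what "mailx -S smtp-use-starttls" does.
tls_on_connect_ports = 465

# Advertise AUTH only after the session has been encrypted.
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

# Note: hosts_require_tls is an option of the smtp transport and governs
# outbound deliveries; server_advertise_condition belongs inside an
# authenticator. Inbound TLS enforcement is done in the ACL below.

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Relay attempt (recipient is not in one of our own domains) over a
  # cleartext session: refuse, even for addresses in relay_from_hosts.
  # local_domains is assumed to be the domain list from the default config.
  deny    message       = TLS is required to relay through this server
          ! domains     = +local_domains
          ! encrypted   = *

  # The submission port is for clients only: refuse any cleartext use of it.
  deny    message       = STARTTLS is required on port 587
          condition     = ${if eq{$received_port}{587}{yes}{no}}
          ! encrypted   = *

  # Existing relay policy from the post continues to apply after this point.
  deny    ! hosts         = : +relay_from_hosts
          ! authenticated = *
```

Running `exim -bV` after editing reports configuration syntax errors, and `openssl s_client -starttls smtp -connect host:587` (with `host` replaced by the server name) confirms that STARTTLS is offered on the submission port.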