Re: [exim] Encrypted for Some, Plain for the Rest

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Encrypted for Some, Plain for the Rest
Hi,

Terrance Devor <ter.devor@???> (So 30 Aug 2015 01:57:16 CEST):

>
> 1) All authentication (ie, passing of username and password) should be done
> over SSL/TLS port 465. Attempts to pass username and password over port
> 25 will result in deny, error message returned to the MTA, and log


465 is deprecated, use 587 and STARTTLS. Read about
'server_advertise_conition' to avoid advertising AUTH on unencrypted
connections.


> 2) When relaying
>
> Assume our local domain is example.com
>
> (i) user1@???    ----> (465)  Exim  (465) ------> user2@???
> (ii) user1@???    ----> (465)  Exim  (25) ------>
> ter.devor@??? etc...
> (iii) ter.devor@??? ------> (25)    Exim  (465) ------>
> user1@???


You do not want to relay vom anywhere to anywhere, do you?
Accepting messages from outside should be done for your very own domain
only, here for example.com. Exceptions are possible, in case you know
what you're doing :)

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -