Hi,
Terrance Devor <ter.devor@???> (So 30 Aug 2015 01:57:16 CEST):
…
>
> 1) All authentication (ie, passing of username and password) should be done
> over SSL/TLS port 465. Attempts to pass username and password over port
> 25 will result in deny, error message returned to the MTA, and log
465 is deprecated, use 587 and STARTTLS. Read about
'server_advertise_conition' to avoid advertising AUTH on unencrypted
connections.
> 2) When relaying
>
> Assume our local domain is example.com
>
> (i) user1@??? ----> (465) Exim (465) ------> user2@???
> (ii) user1@??? ----> (465) Exim (25) ------>
> ter.devor@??? etc...
> (iii) ter.devor@??? ------> (25) Exim (465) ------>
> user1@???
You do not want to relay vom anywhere to anywhere, do you?
Accepting messages from outside should be done for your very own domain
only, here for example.com. Exceptions are possible, in case you know
what you're doing :)
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
