Re: [exim] Encrypted for Some, Plain for the Rest

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MHeiko Schlittermann at <-
MHeiko Schlittermann at ->
Delete this message
Reply to this message
Author: Terrance Devor
Date:  
To: exim-users
Subject: Re: [exim] Encrypted for Some, Plain for the Rest
Hello Heiko,

Thanks for your response.

On Sun, Aug 30, 2015 at 5:16 PM, Heiko Schlittermann <hs@???>
wrote:

> Hi,
>
> Terrance Devor <ter.devor@???> (So 30 Aug 2015 01:57:16 CEST):
> …
> >
> > 1) All authentication (ie, passing of username and password) should be
> done
> > over SSL/TLS port 465. Attempts to pass username and password over port
> > 25 will result in deny, error message returned to the MTA, and log
>
> 465 is deprecated, use 587 and STARTTLS. Read about
> 'server_advertise_conition' to avoid advertising AUTH on unencrypted
> connections.
>


Understood. Will start moving everything over to port 587. Will I need to
rebuild my SSL certificates and reconfigure for that as well?



>
> > 2) When relaying
> >
> > Assume our local domain is example.com
> >
> > (i) user1@???    ----> (465)  Exim  (465) ------>
> user2@???
> > (ii) user1@???    ----> (465)  Exim  (25) ------>
> > ter.devor@??? etc...
> > (iii) ter.devor@??? ------> (25)    Exim  (465) ------>
> > user1@???

>
> You do not want to relay vom anywhere to anywhere, do you?
>

Exactlly, we do not. And if an individual from outside tries to relay to
another outside email address than obviously this denied. A klnd of black
list
by means of process separation.



> Accepting messages from outside should be done for your very own domain
> only, here for example.com. Exceptions are possible, in case you know
> what you're doing :)
>

There will be no relaying of outside domain emails to other outside emails.
Only valid internal.



>
>     Best regards from Dresden/Germany
>     Viele Grüße aus Dresden
>     Heiko Schlittermann
> --
>  SCHLITTERMANN.de ---------------------------- internet & unix support -
>  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>  gnupg encrypted messages are welcome --------------- key ID: F69376CE -
>  ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/


We are just trying to secure the environment as much as possible.


Thanks in Advance,

Nichoals.
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Encrypted for Some, Plain for the RestRe: [exim] Exim4 and Gmail on RPi - Frozen email->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)