Re: [exim] Encrypted for Some, Plain for the Rest

Page principale
Ce message fait partie du fil suivant :
MArborescence complète du fil triée par date
MHeiko Schlittermann à <-
MHeiko Schlittermann à ->
Supprimer ce message
Répondre à ce message
Auteur: Terrance Devor
Date:  
À: exim-users
Sujet: Re: [exim] Encrypted for Some, Plain for the Rest
Hello Heiko,

Thanks for your response.

On Sun, Aug 30, 2015 at 5:16 PM, Heiko Schlittermann <hs@???>
wrote:

> Hi,
>
> Terrance Devor <ter.devor@???> (So 30 Aug 2015 01:57:16 CEST):
> …
> >
> > 1) All authentication (ie, passing of username and password) should be
> done
> > over SSL/TLS port 465. Attempts to pass username and password over port
> > 25 will result in deny, error message returned to the MTA, and log
>
> 465 is deprecated, use 587 and STARTTLS. Read about
> 'server_advertise_conition' to avoid advertising AUTH on unencrypted
> connections.
>


Understood. Will start moving everything over to port 587. Will I need to
rebuild my SSL certificates and reconfigure for that as well?



>
> > 2) When relaying
> >
> > Assume our local domain is example.com
> >
> > (i) user1@???    ----> (465)  Exim  (465) ------>
> user2@???
> > (ii) user1@???    ----> (465)  Exim  (25) ------>
> > ter.devor@??? etc...
> > (iii) ter.devor@??? ------> (25)    Exim  (465) ------>
> > user1@???

>
> You do not want to relay vom anywhere to anywhere, do you?
>

Exactlly, we do not. And if an individual from outside tries to relay to
another outside email address than obviously this denied. A klnd of black
list
by means of process separation.



> Accepting messages from outside should be done for your very own domain
> only, here for example.com. Exceptions are possible, in case you know
> what you're doing :)
>

There will be no relaying of outside domain emails to other outside emails.
Only valid internal.



>
>     Best regards from Dresden/Germany
>     Viele Grüße aus Dresden
>     Heiko Schlittermann
> --
>  SCHLITTERMANN.de ---------------------------- internet & unix support -
>  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>  gnupg encrypted messages are welcome --------------- key ID: F69376CE -
>  ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/


We are just trying to secure the environment as much as possible.


Thanks in Advance,

Nichoals.
Ce message a été envoyé sur les listes de diffusion suivantes :
Exim-users
Informations sur la liste de diffusion | Messages voisins		<-Re: [exim] Encrypted for Some, Plain for the RestRe: [exim] Exim4 and Gmail on RPi - Frozen email->
Tahini and Hummus and Cumin Development Archives administré par cumin AdminsLurker (version 2.3)