Re: [exim] bounce message with hosts_require_tls

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] bounce message with hosts_require_tls
On 12/01/18 00:38, Daniel Jost wrote:
> I created a route and a transport in my exim configuration to allow
> certain sender domains to enforce encrypted transfer (mandatory tls).
> The idea is that if an authenticated user sends an email, the server
> looks up if the domain has mandatory tls enabled and routes the message
> through the transport that only succeeds if the remote mail server
> supports tls.
>
> That was the easy part. :-) Another part of the idea is that the sender
> receives a bounce if the remote server doesn't support tls. Unfortunately
> exim seems to handle a failed hosts_require_tls condition as a
> temporary error, puts the mail in the queue and tries again and again to
> deliver the mail.

I don't think there is a way. The failure to TLS is treated the same
as a failure to connect, there's no provision for either fast-fail
(bypassing retries) or a specific error that could be noticed by a
retry rule, and there's no provision for customising the bounce
message enough.

Possibly there might be enough in the Experimental DSN-info facility
that would get part-way there.


But the request ties into a lot of security-related issues - visibility
of downgrade-attacks, and so on.
A feature request is probably worthwhile (https://bugs.exim.org/) so
that the idea isn't lost.
--
Cheers,
Jeremy
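As an added illustration (not configuration posted by either participant in this thread), here is a router/transport pair of the kind Daniel describes: mail from an authenticated submitter whose sender domain appears in a lookup file is routed through an smtp transport that refuses to deliver without TLS. The file path /etc/exim4/tls_required_sender_domains, the router and transport names, and the presence of the usual dnslookup/remote_smtp pair later in the configuration are assumptions for the example.

```exim
# Added example. Assumes a line-per-domain file at
# /etc/exim4/tls_required_sender_domains (a constructed path) and that the
# regular dnslookup router and remote_smtp transport are defined elsewhere.

begin routers

# Place this router BEFORE the ordinary dnslookup router. It is only
# considered when the message was submitted by an authenticated user
# ($authenticated_id is set) and the sender's domain is listed in the
# lookup file; otherwise it is skipped and routing falls through.
dnslookup_tls_required:
  driver = dnslookup
  domains = ! +local_domains
  condition = ${if and { \
                 {def:authenticated_id} \
                 {match_domain{$sender_address_domain}{lsearch;/etc/exim4/tls_required_sender_domains}} \
               }}
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  transport = remote_smtp_tls_required
  no_more

begin transports

# Transport that will not send the message in the clear to any host.
# hosts_require_tls = * makes STARTTLS mandatory; tls_verify_hosts = *
# additionally requires the peer certificate to verify, which is what
# turns "encrypted" into "encrypted to the intended server".
remote_smtp_tls_required:
  driver = smtp
  hosts_require_tls = *
  tls_verify_hosts = *
```

As Jeremy's reply explains, a remote host that fails the hosts_require_tls requirement is treated like a host that could not be connected to: the delivery is deferred, not failed, so the message stays on the queue and is retried under the normal retry rules rather than being bounced immediately. The configuration above therefore enforces the policy (nothing is ever sent unencrypted) but does not by itself produce the prompt bounce Daniel asked for.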