Autor: Phil Pennock Datum: To: Luciano InfoCultura CC: exim-users@exim.org Betreff: Re: [exim] Question TLS
On 2018-02-22 at 17:34 +0000, Luciano InfoCultura via Exim-users wrote: > How do I make connections initiated on ports 25 or 587 in plain text only allow the sending of messages after using STARTTLS.
> my brief configuration:The message exchange is between servers and do not use authentication.
> ..MAIN_TLS_ENABLE = truedaemon_smtp_ports = 25: 465: 587tls_on_connect_ports = 465..
The MAIN_TLS_ENABLE setting is a sign of the Debianized configuration.
All of the Exim settings you have listed above are for how Exim listens,
not how it sends; sending is controlled via the SMTP "Transport" linked
to whichever "Router" accepted the message/recipient and chose remote
delivery via SMTP for it.
Ports 465 and 587 are for initial Submission by clients and not for
server-to-server traffic (except in special hacky situations such as
having your mail-server pretend to be a client, of Gmail/whatever).
Unless you've got a special arrangement in place, you're sending on port
25 and using STARTTLS to upgrade the connection.
I don't see a Debian control knob for this. From Exim's side, you want
the SMTP Transport to include: