Re: [exim] Question TLS

Author: Phil Pennock
Date:  
To: Luciano InfoCultura
CC: exim-users@exim.org
Subject: Re: [exim] Question TLS
On 2018-02-22 at 17:34 +0000, Luciano InfoCultura via Exim-users wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only allow the sending of messages after using STARTTLS?
> my brief configuration:
> The message exchange is between servers and does not use authentication.
> ..
> MAIN_TLS_ENABLE = true
> daemon_smtp_ports = 25: 465: 587
> tls_on_connect_ports = 465
> ..


The MAIN_TLS_ENABLE setting is a sign of the Debianized configuration.

All of the Exim settings you have listed above are for how Exim listens,
not how it sends; sending is controlled via the SMTP "Transport" linked
to whichever "Router" accepted the message/recipient and chose remote
delivery via SMTP for it.

Ports 465 and 587 are for initial Submission by clients and not for
server-to-server traffic (except in special hacky situations such as
having your mail-server pretend to be a client, of Gmail/whatever).
Unless you've got a special arrangement in place, you're sending on port
25 and using STARTTLS to upgrade the connection.

I don't see a Debian control knob for this. From Exim's side, you want
the SMTP Transport to include:

hosts_require_tls = *

-Phil
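
An added example, not part of the message above and not Exim project code: a small audit that reads an Exim configuration and lists the SMTP transports that lack the `hosts_require_tls = *` setting the reply recommends. The sample configuration is constructed, the function names are hypothetical, and the parser assumes a single plain configuration file with no macros or `.include` lines to expand.

```python
import re

# Constructed sample configuration (not from the thread): one SMTP transport
# that requires TLS, one that does not, and one non-SMTP transport.
SAMPLE_CONFIG = """\
daemon_smtp_ports = 25 : 465 : 587

begin transports
remote_smtp:
  driver = smtp
  hosts_require_tls = *

smarthost_smtp:
  driver = smtp
  # no hosts_require_tls: delivery may proceed without TLS

local_delivery:
  driver = appendfile
"""

def parse_transports(config_text):
    """Return {transport_name: {option: value}} from the 'begin transports' section."""
    # Join backslash-continued lines before splitting, as Exim does.
    text = re.sub(r"\\[ \t]*\n[ \t]*", "", config_text)
    transports, section, current = {}, "main", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"begin\s+(\w+)$", line)
        if m:
            section, current = m.group(1), None
        elif section == "transports":
            if re.match(r"\w+:$", line):
                current = transports.setdefault(line[:-1], {})
            elif current is not None and "=" in line:
                key, value = line.split("=", 1)
                current[key.strip()] = value.strip()
    return transports

def smtp_transports_without_tls(config_text):
    """Names of driver=smtp transports whose hosts_require_tls is not '*'."""
    return sorted(name for name, opts in parse_transports(config_text).items()
                  if opts.get("driver") == "smtp"
                  and opts.get("hosts_require_tls") != "*")

if __name__ == "__main__":
    for name in smtp_transports_without_tls(SAMPLE_CONFIG):
        print(f"{name}: missing 'hosts_require_tls = *'")
```

A transport that restricts `hosts_require_tls` to a specific host list is also reported, since only `*` covers every destination.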