Hi,
require
message=starttls required
encrypted=*
in the smtp mail ACL "acl_check_mail" on debian systems.
It works. Thanks
On Sunday, 25 February 2018 9:02, "exim-users-request@???" <exim-users-request@???> wrote:
Today's Topics:
1. Question TLS (Luciano InfoCultura)
2. Re: Question TLS (Phil Pennock)
3. Re: Question TLS (Jasen Betts)
How do I make connections initiated on ports 25 or 587 in plain text only allow the sending of messages after using STARTTLS.
my brief configuration: The message exchange is between servers and do not use authentication.
..
MAIN_TLS_ENABLE = true
daemon_smtp_ports = 25: 465: 587
tls_on_connect_ports = 465
..
Luciano da Silva
On 2018-02-22 at 17:34 +0000, Luciano InfoCultura via Exim-users wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only allow the sending of messages after using STARTTLS.
> my brief configuration: The message exchange is between servers and do not use authentication.
> ..
> MAIN_TLS_ENABLE = true
> daemon_smtp_ports = 25: 465: 587
> tls_on_connect_ports = 465
> ..
The MAIN_TLS_ENABLE setting is a sign of the Debianized configuration.
All of the Exim settings you have listed above are for how Exim listens,
not how it sends; sending is controlled via the SMTP "Transport" linked
to whichever "Router" accepted the message/recipient and chose remote
delivery via SMTP for it.
Ports 465 and 587 are for initial Submission by clients and not for
server-to-server traffic (except in special hacky situations such as
having your mail-server pretend to be a client, of Gmail/whatever).
Unless you've got a special arrangement in place, you're sending on port
25 and using STARTTLS to upgrade the connection.
I don't see a Debian control knob for this. From Exim's side, you want
the SMTP Transport to include:
hosts_require_tls = *
-Phil
On 2018-02-22, Luciano InfoCultura via Exim-users <exim-users@???> wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only allow the sending of messages after using STARTTLS.
> my brief configuration: The message exchange is between servers and do not use authentication.
> ..
> MAIN_TLS_ENABLE = true
> daemon_smtp_ports = 25: 465: 587
> tls_on_connect_ports = 465
> ..
I'm guessing you mean inbound.
Put this
require
message=starttls required
encrypted=*
in the smtp mail ACL "acl_check_mail" on debian systems.
--
This email has not been checked by half-arsed antivirus software
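
A way to confirm the inbound rule discussed in this thread is active on your own server, added here as an example and not posted by anyone in the thread: it sends MAIL with a null sender before and after STARTTLS and reports whether plaintext is refused while the encrypted session is still accepted. The names check_session and check_host are made up for this example, and the default TLS context assumes the server certificate validates for the host name you connect to.

```python
import smtplib
import ssl

PROBE = "FROM:<>"  # null sender; no RCPT or DATA is ever sent, so nothing is delivered


def check_session(smtp, tls_context):
    """Probe one SMTP session (smtplib.SMTP or compatible) before and after STARTTLS."""
    smtp.ehlo()
    offered = smtp.has_extn("starttls")
    # With the 'require encrypted = *' ACL in place this should not be 250.
    code, _ = smtp.docmd("MAIL", PROBE)
    result = {
        "starttls_offered": offered,
        "plaintext_code": code,
        "plaintext_refused": code != 250,
        "encrypted_accepted": False,
    }
    if offered:
        smtp.docmd("RSET")                  # drop the transaction if MAIL was accepted
        smtp.starttls(context=tls_context)  # raises if the upgrade fails
        smtp.ehlo()                         # EHLO must be repeated after STARTTLS
        code, _ = smtp.docmd("MAIL", PROBE)
        result["encrypted_accepted"] = code == 250
    # Enforced means: plaintext MAIL refused AND encrypted MAIL still works.
    result["enforced"] = result["plaintext_refused"] and result["encrypted_accepted"]
    return result


def check_host(host, port=25):
    """Connect to host:port and run the probe with certificate verification on."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        return check_session(smtp, ssl.create_default_context())


if __name__ == "__main__":
    import sys
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(check_host(sys.argv[1], port))
```

Run it with the host name and, optionally, the port (25 or 587); it is not meant for port 465, which is TLS-on-connect.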