Re: [exim] Exim-users Digest, Vol 165, Issue 23

Author: Luciano InfoCultura
Date:  
To: exim-users@exim.org, Phil Pennock
Subject: Re: [exim] Exim-users Digest, Vol 165, Issue 23
Hi,
require
  message=starttls required
  encrypted=*
  
in the smtp mail ACL "acl_check_mail" on debian systems.

It works. Thanks


    On Sunday, 25 February 2018 9:02, "exim-users-request@???" <exim-users-request@???> wrote:



Today's Topics:

  1. Question TLS (Luciano InfoCultura)
  2. Re: Question TLS (Phil Pennock)
  3. Re: Question TLS (Jasen Betts)

How do I make connections initiated on ports 25 or 587 in plain text only allow the sending of messages after using STARTTLS?
My brief configuration:
The message exchange is between servers and does not use authentication.
..
MAIN_TLS_ENABLE = true
daemon_smtp_ports = 25: 465: 587
tls_on_connect_ports = 465
..


Luciano da Silva


On 2018-02-22 at 17:34 +0000, Luciano InfoCultura via Exim-users wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only allow the sending of messages after using STARTTLS?
> My brief configuration:
> The message exchange is between servers and does not use authentication.
> ..
> MAIN_TLS_ENABLE = true
> daemon_smtp_ports = 25: 465: 587
> tls_on_connect_ports = 465
> ..


The MAIN_TLS_ENABLE setting is a sign of the Debianized configuration.

All of the Exim settings you have listed above are for how Exim listens,
not how it sends; sending is controlled via the SMTP "Transport" linked
to whichever "Router" accepted the message/recipient and chose remote
delivery via SMTP for it.

Ports 465 and 587 are for initial Submission by clients and not for
server-to-server traffic (except in special hacky situations such as
having your mail-server pretend to be a client, of Gmail/whatever).
Unless you've got a special arrangement in place, you're sending on port
25 and using STARTTLS to upgrade the connection.

I don't see a Debian control knob for this.  From Exim's side, you want
the SMTP Transport to include:

  hosts_require_tls = *

-Phil



On 2018-02-22, Luciano InfoCultura via Exim-users <exim-users@???> wrote:
> How do I make connections initiated on ports 25 or 587 in plain text only allow the sending of messages after using STARTTLS?
> My brief configuration:
> The message exchange is between servers and does not use authentication.
> ..
> MAIN_TLS_ENABLE = true
> daemon_smtp_ports = 25: 465: 587
> tls_on_connect_ports = 465
> ..


I'm guessing you mean inbound.

Put this

require
  message=starttls required
  encrypted=*
 
in the smtp mail ACL "acl_check_mail" on debian systems.

--
This email has not been checked by half-arsed antivirus software
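
An added example, not part of any message in this thread: a Python check that a listener enforces the `encrypted=*` requirement quoted above, by issuing MAIL FROM on a plaintext session (no STARTTLS) and confirming a 5xx refusal. The probe address, the hostnames and the loopback stub server (which stands in for a real listener so the check runs offline) are constructed for illustration.

```python
import smtplib
import socketserver
import threading


def plaintext_mail_refused(host, port, sender="probe@example.org", timeout=10):
    """Probe a plaintext SMTP session; return (starttls_offered, mail_refused)."""
    with smtplib.SMTP(host, port, local_hostname="probe.example.org",
                      timeout=timeout) as smtp:
        smtp.ehlo()
        offered = smtp.has_extn("starttls")
        # Deliberately skip STARTTLS: an enforcing server must reject MAIL here.
        code, _ = smtp.mail(sender)
        return offered, 500 <= code < 600


class StubHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for a listener, so the check runs offline."""

    def handle(self):
        self.wfile.write(b"220 stub ESMTP\r\n")
        for line in self.rfile:
            verb = line.split()[0].upper() if line.strip() else b""
            if verb == b"EHLO":
                reply = b"250-stub\r\n250 STARTTLS\r\n"
            elif verb == b"MAIL":
                reply = self.server.mail_reply  # chosen by start_stub()
            elif verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                reply = b"250 OK\r\n"
            self.wfile.write(reply)


def start_stub(mail_reply):
    """Start the stub on a free loopback port; mail_reply is its MAIL answer."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), StubHandler)
    srv.mail_reply = mail_reply
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    enforcing = start_stub(b"550 starttls required\r\n")  # constructed reply
    print(plaintext_mail_refused(*enforcing.server_address))
    enforcing.shutdown()
```

Pointed at a real listener on port 25 or 587, a result of `(True, False)` means STARTTLS is advertised but plaintext MAIL is still accepted, so the ACL condition is not in effect on that port.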



--

## List details at https://lists.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##