Re: [exim] equivalent of postfix policy map?

Author: Jasen Betts
Date:  
To: exim-users
Subject: Re: [exim] equivalent of postfix policy map?
On 2019-03-14, Alice Wonder via Exim-users <exim-users@???> wrote:
> I'm looking through the manual trying to find the equivalent of a
> postfix policy map file for outgoing domains where I can define one
> domain should require TLS 1.2 with high quality ciphers and PKIX
> validation while another domain only requires TLS 1.0 with medium
> quality ciphers and no validation of the X509 cert, etc.


exim has fewer predefined features than postfix, using instead its
string expansion programming language where special cases need to be
handled.

Exim provides transport options like tls_require_ciphers; it's up to
you as admin to pick a static value or use some sort of string expansion
(perhaps do a file or (NO)SQL database lookup, or run an external utility) to
get the correct values for each parameter of each connection.

> This is for a project that uses one host (that may or may not be on the
> mail server) to monitor mailbox domains and detect what domains should
> use policies more restrictive than opportunistic TLS.


Exim already understands DANE

> I really want it to work with Exim as well as postfix, but I am having
> trouble finding what chapter in the Exim manual covers where and how
> such policies are defined.


CH30 "The SMTP Transport"
CH42 "Encrypted SMTP"
CH11 "String Expansions"
CH9 "File and database lookups"


Also:

Ch3 "How Exim receives and delivers mail"

Is probably the most important chapter; it explains the life-cycle of
an email and how the several parts of an exim mail system interact.
Re-reading it can often provide inspiration when a task seems impossible.


The command-line '/usr/sbin/exim -be' will allow easy experimentation with
string expansions.

--
When I tried casting out nines I made a hash of it.
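
The per-domain lookup described in the message above, sketched as an smtp transport (an added example, not part of the original post and not taken from the Exim documentation). The policy file path, its key names and the two domains are assumptions made for illustration, and the cipher strings assume an Exim built against OpenSSL.

```exim
# Hypothetical policy file /etc/exim/tls_policy (lsearch format, constructed sample):
#
#   example.com:  ciphers="HIGH:!aNULL:!MD5"  verify=yes
#   example.net:  ciphers="HIGH:MEDIUM:!aNULL" verify=no
#
# Domains not listed in the file keep opportunistic TLS.

remote_smtp:
  driver = smtp

  # $domain is only reliable in the transport when a connection carries a
  # single recipient domain, so do not batch different domains together.
  multi_domain = false

  # Listed domain: every host must offer STARTTLS, otherwise defer.
  # Unlisted domain: empty host list, so TLS stays opportunistic.
  hosts_require_tls = ${lookup{$domain}lsearch{/etc/exim/tls_policy}{*}{}}

  # Take the cipher list from the policy entry; fall back to the OpenSSL
  # default list when the domain or the key is missing.
  tls_require_ciphers = ${lookup{$domain}lsearch{/etc/exim/tls_policy}\
        {${extract{ciphers}{$value}{$value}{DEFAULT}}}\
        {DEFAULT}}

  # Require a verifiable certificate only where the entry says verify=yes.
  tls_verify_hosts = ${lookup{$domain}lsearch{/etc/exim/tls_policy}\
        {${if eq{${extract{verify}{$value}}}{yes}{*}{}}}\
        {}}

# Check an expansion before deploying it, using the -be mode mentioned above:
#   /usr/sbin/exim -be '${lookup{example.com}lsearch{/etc/exim/tls_policy}{$value}{no entry}}'
```

The same three expansions can point at any lookup type from the "File and database lookups" chapter, so the monitoring host could feed a database instead of a flat file.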