Re: [exim] equivalent of postfix policy map?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] equivalent of postfix policy map?
On 15/03/2019 13:16, Alice Wonder via Exim-users wrote:
> use a default
> policy of encrypt so that cleartext is never used (e.g. doctors office
> where you don't want passive snooping to be able to extract private
> medical information about a patient), and under a default policy of
> encrypt, it then has to be told to use DANE instead for domains that
> support DANE. Not sure if Exim dane support works the same way.


A transport with hosts-require-tls and hosts-try-dane both set,
used by a router picking out those domains

>
> Also domains without DANE sometines use MTA-STS and STARTTLS Everywhere
> policies to let an MTA know that they should require validated TLS
> rather than opportunistic TLS.


https://github.com/Exim/exim/wiki/starttls-everywhere will be
of interest.


> It appears that there is little interest in MTA-STS capabilities being
> built-in to Exim


Indeed. I gave up on internal support once using https became involved.
That doesn't mean someone else couldn't expend the development effort.
--
Cheers,
Jeremy