Re: [exim] SSL forcing

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Cyborg
Datum:  
To: exim-users
Betreff: Re: [exim] SSL forcing
Am 19.05.19 um 15:42 schrieb Jeremy Harris via Exim-users:
> On 19/05/2019 14:31, The Doctor via Exim-users wrote:
>> ow can I force e-mail from the Internet At large to be only accepted
>> if and only if done by SSL/TLS methods?
> ACL condition "encrypted".
>


Problem is, that even if tls_1.2 is out since 2008, a communication
partner may use SSLv3 or TLS 1.0/1.1 and  using just "encrypted = *" ,
you will accept i

It's better to check the protocol via $tls_cipher for tls 1.2 and 1.3 ,
and reject anything not 1.2 or 1.3.

If your in the EU, you need to consider this, as  §32 EU GDPR  states
"the used technique(Encryption) to proctect the transport of personal
data has to be state of the art" aka TLS 1.2 or 1.3 .


best regards,
Marius