Re: [exim] Development Request for Selectable Opportunistic …

Author: Viktor Dukhovni
To: exim-users
Subject: Re: [exim] Development Request for Selectable Opportunistic vs. Forced TLS
On Fri, Apr 30, 2021 at 01:42:51AM -0400, Stan Haimes, MD via Exim-users wrote:

> For most messages, sending the outgoing email by Opportunistic TLS would
> be desirable and perfect.
>
> However, if the Subject field contains "[Secure]", I would like that to
> trigger different message handling by EXIM.


Other than your choice of a subject pattern as the trigger, you're
looking for something akin to the REQUIRETLS ESMTP extension:

    https://www.ietf.org/rfc/rfc8689.html


but it seems only for the first message delivery hop, and without a
commitment by the receiving MTA to honour the TLS requirement
end-to-end, or meaningful authentication of the MX host.

If the presence of the header in question can be used to influence the
selection of the smtp "router" (I think that's the right term in Exim,
in Postfix terminology that'd be a "transport"), then likely the TLS
policy of mandatory, but possibly unauthenticated TLS could just be a
router property.

So this would likely not require new code, or at most very little code,
just enough to ensure that the right "router" is selected for non-local
message recipients. The only thing that requires care is to avoid
inadvertent routing of local recipients via SMTP, thus the "router"
selection logic must not affect local or other non-SMTP recipients:

    if (remote && subject_tagged_secure)
    then
        mandatory_tls_router
    else
        normal_router_selection
    endif


-- 
    Viktor.
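One way the router selection sketched above could be written in Exim's own configuration syntax. This is an added illustration, not configuration from the thread; it assumes the stock `+local_domains` domain list and invents the router name `secure_tagged` and the transport name `remote_smtp_require_tls`.

```exim
# --- routers section: place this BEFORE the stock "dnslookup" router ---
# Only non-local recipients are considered (domains = ! +local_domains),
# so local and alias deliveries are never diverted to SMTP.
secure_tagged:
  driver = dnslookup
  domains = ! +local_domains
  # Trigger on a literal "[Secure]" anywhere in the Subject header.
  # \N...\N keeps Exim from string-expanding the regex backslashes.
  # Note: the Subject is sender-controlled and an RFC 2047-encoded
  # subject would not match this raw-header test.
  condition = ${if match{$h_subject:}{\N\[Secure\]\N}}
  transport = remote_smtp_require_tls
  # no_more: if routing fails here, do NOT fall through to the ordinary
  # dnslookup router, which would send the tagged message without TLS.
  no_more

# --- transports section ---
# Mandatory TLS to every host; authentication of the MX is not required
# here, matching the "mandatory, but possibly unauthenticated" policy.
remote_smtp_require_tls:
  driver = smtp
  hosts_require_tls = *
```

Untagged messages never match the `condition`, so they fall through to the existing `dnslookup` router and keep opportunistic TLS.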