On 3/28/23 15:59, Mike Tubby via Exim-users wrote:
> Hi Olaf,
>
>
> outbound_force_tls:
> driver = dnslookup
> domains = +tls_force_remote_domains
> transport = remote_smtp_force_tls
>
>
> outbound_lookup:
> driver = dnslookup
> domains = ! +local_domains
> transport = remote_smtp
> ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
> no_more
>
>
> and then this in my transports:
> remote_smtp:
> driver = smtp
>
> remote_smtp_force_tls:
> driver = smtp
> hosts_require_tls = *
> hosts_try_fastopen = !*.l.google.com
> tls_require_ciphers = HIGH:!SRP:!PSK:!SHA:@STRENGTH
>
>
Hi Mike,
thanks for your code. But my question was not how to implement "domains-with-force-TLS"
This is already solved and I ended up with two almost identical routers
and two almost identical transports. Your config also uses 2 routers and 2 transports.
In my case these routers and transports are lengthy and also do all of the DKIM signing stuff.
And my question was to rid of the second router and transport and to consolidate my code.
Jeremys proposal sounded promising at first look, but after his correction
that I have to use "max_rcpts = 1" and that these are my main routers / transports
handling ~200k Mails per day I decided still to live with 2 pairs of routers and transports
and keep in mind, when I change one of them, I have to change the other one as well.
"max_rcpts = 1" seems to "expensive" in my use case.
Regards , Olaf
--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)
Dipl.-Geophys. Olaf Hopp
Zirkel 2
Gebäude 20.21, Raum 316
76131 Karlsruhe
Telefon: +49 721 608-48009
E-Mail: Olaf.Hopp@???
Web:
www.scc.kit.edu
Sitz der Körperschaft:
Kaiserstraße 12, 76131 Karlsruhe
KIT - Die Forschungsuniversität in der Helmholtz-Gemeinschaft