* on the Thu, Aug 22, 2013 at 11:01:34PM +0200, Neustadt wrote:
> I would like to know if there is a way to deny non encrypted connections
> when exim connects as a client to a smtp-relay/smarthost.
>
> When acting as a smtp server I managed to realize this through:
>
> acl_check_mail:
>   deny !encrypted = *
>        message = TLS required
>
> But, as I see it there are no access control lists (acl) for exim when
> running as a client. Correct, or is this the way to do it?

ACLs apply to incoming email. What you want is to add "hosts_require_tls"
to your SMTP transport as detailed on this page:

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_smtp_transport.html

E.g:

remote_smtp:
  driver = smtp
  hosts_require_tls = smarthost1.example.com : smarthost2.example.com

This won't do certificate verification though so is still susceptible to
a MITM attack. For that you want to use the tls_verify_certificates option
which is detailed on the same page.

Further information about TLS can be found at:

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html

--
Mike Cardwell  https://grepular.com/  http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
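
An added example (not part of the original thread and not Exim project code): a small Python check that flags smtp transports which set hosts_require_tls without tls_verify_certificates, the gap described in the reply above. The sample configuration is constructed, the transport name verified_smtp and the CA bundle path are assumptions, and the parser is deliberately simplified.

```python
import re

# Constructed sample config; verified_smtp and the CA bundle path are hypothetical.
SAMPLE_CONFIG = """\
begin transports

remote_smtp:
  driver = smtp
  hosts_require_tls = smarthost1.example.com : smarthost2.example.com

verified_smtp:
  driver = smtp
  hosts_require_tls = smarthost1.example.com
  tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt

begin retry
*  *  F,2h,15m
"""

def parse_transports(text):
    """Return {name: {option: value}} for 'begin transports' (no macros/.include)."""
    transports, current, in_section = {}, None, False
    # Join lines continued with a trailing backslash before splitting.
    for raw in re.sub(r"\\\n[ \t]*", "", text).splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        m = re.match(r"begin\s+(\w+)$", line)
        if m:                             # section boundary
            in_section, current = m.group(1) == "transports", None
            continue
        if not in_section:
            continue
        m = re.match(r"([A-Za-z0-9_]+):$", line)
        if m:                             # start of a new transport
            current = transports.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return transports

def unverified_tls_transports(text):
    """smtp transports that require TLS but set no tls_verify_certificates."""
    return sorted(name for name, opts in parse_transports(text).items()
                  if opts.get("driver") == "smtp"
                  and "hosts_require_tls" in opts
                  and "tls_verify_certificates" not in opts)

print(unverified_tls_transports(SAMPLE_CONFIG))
```

Defaults for certificate verification differ between Exim versions, so confirm the result for any transport against the spec for the version you run.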
