Am 23.08.2013 13:31, schrieb Ian Eiloart:
On 22 Aug 2013, at 22:01, Neustadt <[email protected]>
wrote:
I would like to know if there is a way to deny non encrypted connections when
exim connects as a client to a smtp-relay/smarthost.
As others have said, hosts_require_TLS = * will do this. However, that may
leave you unable to connect to many hosts. Messages for any host that does not
advertise STARTTLS will not be delivered.
You may be OK with that, but it's also worth knowing that Exim will, by
default, use TLS if it's advertised. However, if the TLS setup doesn't work,
then Exim will fall back to unencrypted delivery. You can prevent that fallback
by setting tls_tempfail_tryclear to true: if the recipient's MX servers *all*
advertise STARTTLS, then you'll get an encrypted delivery (if the TLS is
working on one of the hosts) or none at all.
Hi,
I didnt understand this part of yours:
> if the recipient's MX servers *all* advertise STARTTLS, then you'll
> get an encrypted delivery (if the TLS is working on one of the hosts)
> or none at all.
especially what you wrote in brackets. Are you saying I can ensure that
mails get encrypted through all passing relays until they can reach
their destination with tls_tempfail_tryclear?
Otherwise I don't see any difference to unsing hosts_require_TLS =
MY.SMTP.RELAY
By the way. Is there a way to create own variables that can be used
across different exim config files?
Would be neat to not have it my smtp relays specified twice, once in
exim4.conf.template and once in update-exim4.conf.conf
Regards
Adrian
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
