On 23.08.2013 14:07, Neustadt wrote:
On 23.08.2013 13:31, Ian Eiloart wrote:
On 22 Aug 2013, at 22:01, Neustadt <[email protected]> wrote:
I would like to know if there is a way to deny non-encrypted
connections when exim connects as a client to a smtp-relay/smarthost.
As others have said, hosts_require_TLS = * will do this. However, that
may leave you unable to connect to many hosts. Messages for any host
that does not advertise STARTTLS will not be delivered.
You may be OK with that, but it's also worth knowing that Exim will,
by default, use TLS if it's advertised. However, if the TLS setup
doesn't work, then Exim will fall back to unencrypted delivery. You
can prevent that fallback by setting tls_tempfail_tryclear to true: if
the recipient's MX servers *all* advertise STARTTLS, then you'll get
an encrypted delivery (if the TLS is working on one of the hosts) or
none at all.
Hi,
I didn't understand this part of yours:
> if the recipient's MX servers *all* advertise STARTTLS, then you'll
> get an encrypted delivery (if the TLS is working on one of the hosts)
> or none at all.
especially what you wrote in brackets. Are you saying I can ensure that
mails get encrypted through all passing relays until they can reach
their destination with tls_tempfail_tryclear?
Otherwise I don't see any difference to using hosts_require_TLS = MY.SMTP.RELAY
By the way. Is there a way to create own variables that can be used
across different exim config files?
Would be neat to not have my smtp relays specified twice, once in
exim4.conf.template and once in update-exim4.conf.conf
Regards
Adrian
Would anyone else know what he meant?
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
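
A check related to the thread above, added here as an example and not written by any of the posters or by the Exim project: it scans Exim main-log text for remote SMTP deliveries that carry no X= (TLS cipher) field, meaning the message left unencrypted. The sample log lines, host names and the transport-name prefix remote_smtp are constructed assumptions; Exim only logs X= while its tls_cipher log selector is on, which is the default.

```python
import re

# Constructed sample in Exim main-log format (not taken from the thread).
SAMPLE_LOG = """\
2013-08-23 14:07:01 1VCqA1-0001Xy-2B <= adrian@client.example H=localhost [127.0.0.1] P=esmtp S=812
2013-08-23 14:07:02 1VCqA1-0001Xy-2B => bob@dest.example R=smarthost T=remote_smtp_smarthost H=relay.example.net [192.0.2.10] X=TLSv1:AES256-SHA:256
2013-08-23 14:07:02 1VCqA1-0001Xy-2B Completed
2013-08-23 14:09:40 1VCqC9-0001Yz-7K => carol@dest.example R=smarthost T=remote_smtp_smarthost H=relay.example.net [192.0.2.10]
2013-08-23 14:09:41 1VCqC9-0001Yz-7K -> dave@dest.example R=smarthost T=remote_smtp_smarthost H=relay.example.net [192.0.2.10]
2013-08-23 14:12:13 1VCqF3-0001Zb-Qm => eve <eve@client.example> R=local_user T=mail_spool
"""

# "<date> <time> <message-id> => ..." is a delivery; "->" is an extra
# recipient handled in the same SMTP transaction.
DELIVERY = re.compile(r"^(\S+ \S+) (\S+) [=-]> (.+)$")
FIELD = re.compile(r"\s([A-Z]{1,2})=(\S+)")


def cleartext_deliveries(log_text, transport_prefix="remote_smtp"):
    """Return remote SMTP deliveries logged without an X= (TLS cipher) field."""
    findings = []
    for line in log_text.splitlines():
        match = DELIVERY.match(line)
        if not match:
            continue  # arrival (<=), deferral (==), "Completed", etc.
        stamp, msg_id, rest = match.groups()
        fields = {}
        for key, value in FIELD.findall(rest):
            fields.setdefault(key, value)  # first wins; a quoted DN may repeat keys
        if not fields.get("T", "").startswith(transport_prefix):
            continue  # local or pipe transport: TLS does not apply
        if "X" not in fields:
            findings.append({
                "time": stamp,
                "id": msg_id,
                "recipient": rest.split(" R=")[0],
                "host": fields.get("H", "?"),
            })
    return findings


if __name__ == "__main__":
    for hit in cleartext_deliveries(SAMPLE_LOG):
        print("{time} {id} {recipient} via {host}: no TLS".format(**hit))
```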