On 2018-02-22 at 17:34 +0000, Luciano InfoCultura via Exim-users wrote: > How do I make connections initiated on ports 25 or 587 in plain text only > allow the sending of messages after using STARTTLS. > my brief configuration:The message exchange is between servers and do not use > authentication. > ..MAIN_TLS_ENABLE = truedaemon_smtp_ports = 25: 465: 587tls_on_connect_ports > = 465..
The MAIN_TLS_ENABLE setting is a sign of the Debianized configuration. All of the Exim settings you have listed above are for how Exim listens, not how it sends; sending is controlled via the SMTP "Transport" linked to whichever "Router" accepted the message/recipient and chose remote delivery via SMTP for it. Ports 465 and 587 are for initial Submission by clients and not for server-to-server traffic (except in special hacky situations such as having your mail-server pretend to be a client, of Gmail/whatever). Unless you've got a special arrangement in place, you're sending on port 25 and using STARTTLS to upgrade the connection. I don't see a Debian control knob for this. From Exim's side, you want the SMTP Transport to include: hosts_require_tls = * -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/