Hi, require message=starttls required encrypted=* in the smtp mail ACL "acl_check_mail" on debian systems.
It's works.Thanks Em Domingo, 25 de Fevereiro de 2018 9:02, "exim-users-requ...@exim.org" <exim-users-requ...@exim.org> escreveu: Send Exim-users mailing list submissions to exim-users@exim.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.exim.org/mailman/listinfo/exim-users or, via email, send a message with subject or body 'help' to exim-users-requ...@exim.org You can reach the person managing the list at exim-users-ow...@exim.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Exim-users digest..." Today's Topics: 1. Question TLS (Luciano InfoCultura) 2. Re: Question TLS (Phil Pennock) 3. Re: Question TLS (Jasen Betts) How do I make connections initiated on ports 25 or 587 in plain text only allow the sending of messages after using STARTTLS. my brief configuration:The message exchange is between servers and do not use authentication. ..MAIN_TLS_ENABLE = truedaemon_smtp_ports = 25: 465: 587tls_on_connect_ports = 465.. Luciano da Silva On 2018-02-22 at 17:34 +0000, Luciano InfoCultura via Exim-users wrote: > How do I make connections initiated on ports 25 or 587 in plain text only > allow the sending of messages after using STARTTLS. > my brief configuration:The message exchange is between servers and do not use > authentication. > ..MAIN_TLS_ENABLE = truedaemon_smtp_ports = 25: 465: 587tls_on_connect_ports > = 465.. The MAIN_TLS_ENABLE setting is a sign of the Debianized configuration. All of the Exim settings you have listed above are for how Exim listens, not how it sends; sending is controlled via the SMTP "Transport" linked to whichever "Router" accepted the message/recipient and chose remote delivery via SMTP for it. Ports 465 and 587 are for initial Submission by clients and not for server-to-server traffic (except in special hacky situations such as having your mail-server pretend to be a client, of Gmail/whatever). Unless you've got a special arrangement in place, you're sending on port 25 and using STARTTLS to upgrade the connection. I don't see a Debian control knob for this. From Exim's side, you want the SMTP Transport to include: hosts_require_tls = * -Phil On 2018-02-22, Luciano InfoCultura via Exim-users <exim-users@exim.org> wrote: > How do I make connections initiated on ports 25 or 587 in plain text only > allow the sending of messages after using STARTTLS. > my brief configuration:The message exchange is between servers and do not use > authentication. > ..MAIN_TLS_ENABLE = truedaemon_smtp_ports = 25: 465: 587tls_on_connect_ports > = 465.. I'm guessing you mean inbound. Put this require message=starttls required encrypted=* in the smtp mail ACL "acl_check_mail" on debian systems. -- This email has not been checked by half-arsed antivirus software -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ## -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/