
Mailing List Archive: exim: users

How can I require TLS for mail submission?

 

 



Jack.Toering at LeadingEdgeITA

Apr 28, 2012, 6:08 PM

Post #1 of 3 (395 views)
How can I require TLS for mail submission?

It works fine now for voluntary TLS mail submission. What do I have to do
to make it mandatory? With all of the mobile devices these days, this
should be the most asked question on the list. Users are giving away their
user name and password all day long at hot spots in coffee shops and
airports if they are not forced to use TLS like all of the large E-mail
services require these days.


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


duihi77 at gmail

Apr 29, 2012, 3:13 AM

Post #2 of 3 (360 views)
Re: How can I require TLS for mail submission?

On Sunday, April 29, 2012 at 01:08:50 UTC, Jack.Toering [at] LeadingEdgeITA confabulated:

> It works fine now for voluntary TLS mail submission. What do I have to do
> to make it mandatory? With all of the mobile devices these days, this
> should be the most asked question on the list. Users are giving away their
> user name and password all day long at hot spots in coffee shops and
> airports if they are not forced to use TLS like all of the large E-mail
> services require these days.

Here's what I use. It accepts connections from hosts the server relays
for, connections on port 25, and encrypted connections.
Connections to any other enabled port must have TLS enabled.
Otherwise, they get dropped.

...
acl_smtp_auth = acl_check_auth
...
acl_check_auth:
...
  accept hosts = +relay_from_hosts
  accept condition = ${if eq{$received_port}{25}}
  accept encrypted = *
  drop message = Your connection must be encrypted.
       log_message = Connection from \
                     [$sender_host_address]($authenticated_id) was \
                     not encrypted.
...

--
If at first you don't succeed...
...so much for skydiving.




ml+exim at wzff

Apr 29, 2012, 5:26 AM

Post #3 of 3 (357 views)
Re: How can I require TLS for mail submission?

Hi,

On Sat, Apr 28, 2012 at 21:08:50 -0400, Jack Toering wrote:
> It works fine now for voluntary TLS mail submission. What do I have to do
> to make it mandatory? With all of the mobile devices these days, this
> should be the most asked question on the list. Users are giving away their
> user name and password all day long at hot spots in coffee shops and
> airports if they are not forced to use TLS like all of the large E-mail
> services require these days.

I use this:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}


Best,

Moritz
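
A way to check the result of the settings discussed in this thread, added here as an example and not part of any of the original posts: it parses a server's EHLO replies before and after STARTTLS and reports whether AUTH is advertised on the unencrypted connection. The function names and the sample replies are constructed for illustration; `probe` needs network access to a server you operate.

```python
"""Check that an SMTP submission service withholds AUTH until TLS is active."""
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from a real server).
PLAIN_HIDDEN = "250-mail.example.org Hello client\n250-SIZE 52428800\n250-STARTTLS\n250 HELP"
PLAIN_LEAKY = "250-mail.example.org Hello client\n250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"
AFTER_TLS = "250-mail.example.org Hello client\n250-AUTH PLAIN LOGIN\n250 HELP"


def auth_mechanisms(ehlo_reply: str) -> list[str]:
    """Return the SASL mechanisms advertised in a multi-line EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        # Accept raw wire lines ("250-AUTH PLAIN") and smtplib's stripped form ("AUTH PLAIN").
        text = line[4:] if line[:3].isdigit() and line[3:4] in "- " else line
        words = text.replace("=", " ").split()  # also handles legacy "AUTH=PLAIN"
        if words and words[0].upper() == "AUTH":
            mechs.extend(w.upper() for w in words[1:])
    return sorted(set(mechs))


def assess(plain_ehlo: str, tls_ehlo: str) -> str:
    """Classify a server from its EHLO replies before and after STARTTLS."""
    before, after = auth_mechanisms(plain_ehlo), auth_mechanisms(tls_ehlo)
    if before:
        return "FAIL: AUTH offered in cleartext: " + " ".join(before)
    if not after:
        return "WARN: AUTH not offered even over TLS"
    return "OK: AUTH only after STARTTLS: " + " ".join(after)


def probe(host: str, port: int = 587) -> str:
    """Fetch both EHLO replies from a live server (needs network access)."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        plain = s.ehlo_resp.decode(errors="replace")
        s.starttls(context=ssl.create_default_context())
        s.ehlo()  # capabilities must be re-read once TLS is up
        return assess(plain, s.ehlo_resp.decode(errors="replace"))


if __name__ == "__main__":
    print(assess(PLAIN_HIDDEN, AFTER_TLS))
    print(assess(PLAIN_LEAKY, AFTER_TLS))
```

Advertisement is the thing to test because a client that sees AUTH on a cleartext connection may send its credentials inside the AUTH command itself, before the server has a chance to refuse it.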

