Bug#422419: exim4: tls_verify_hosts only applies during TLS sessions
Oskar Liljeblad
oskar at osk.mine.nu
Sun May 6 08:18:21 UTC 2007
On Sunday, May 06, 2007 at 09:16, Andreas Metzler wrote:
> You'd be happy with something like this?
[..]
> ++Listing a host in tls_verify_hosts does not directly require the host
> ++to actually use TLS. It can still send SMTP commands through
> ++unencrypted connections. Enforcing TLS for a host needs to be done
> ++separately using ACLs.
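Review bot: the final sentence of the added paragraph ("Enforcing TLS for a host needs to be done separately using ACLs") tells the reader that an ACL is needed but not which condition to write. Suggest naming one, for example a deny statement for the same host list with `! encrypted = *`, or pointing to the place where such an ACL is documented. In the first sentence, "does not directly require" would read more clearly as "does not require".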
Thanks for the quick response, this looks all good to me!
> ######################################
> hostlist youmustusedverifiedtls = blah.example.com : foo.example.com
>
> tls_verify_hosts = +youmustusedverifiedtls
> [...]
>
> begin acl
> acl_check_mail:
>   deny
>     message = No TLS encryption used
>     hosts = +youmustusedverifiedtls
>     condition = ${if eq{$tls_cipher}{}{yes}{no}}
> ######################################
I guess you could replace the condition line with
! encrypted = *
(This is what I do.)
Regards,
Oskar
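
The setup discussed in this thread, combined into one configuration fragment. This is an added example, not part of the original messages or of the Debian package. The host names come from the quoted example; the certificate paths are constructed placeholders, and the fragment assumes the MAIL ACL is named `acl_check_mail`.

```exim
# Main section
# Hosts that must use TLS and present a verifiable certificate
# (host names taken from the example quoted in the thread).
hostlist youmustusedverifiedtls = blah.example.com : foo.example.com

# Offer STARTTLS to every client. Paths are constructed placeholders.
tls_advertise_hosts = *
tls_certificate = /etc/exim4/exim.crt
tls_privatekey = /etc/exim4/exim.key
tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt

# Only takes effect once the client has issued STARTTLS: the handshake
# fails if the client certificate does not verify. A listed host that
# never issues STARTTLS is not affected by this option.
tls_verify_hosts = +youmustusedverifiedtls

# Assumption: the MAIL ACL is wired up under this name.
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # Closes the gap: refuse MAIL FROM from listed hosts on a
  # plaintext session, using the condition suggested in the reply.
  deny
    message = No TLS encryption used
    hosts = +youmustusedverifiedtls
    ! encrypted = *

  accept
```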