Enable outbound TLS on Exim when server sends STARTTLS

neo-hippie

Hello,

Just to use "the other MTA" as an example:
Postfix has an option: smtp_tls_security_level = may
Which tells Postfix to send email with TLS if the other server says STARTTLS in its EHLO.

I have found an Exim workaround: http://www.skytale.net/blog/archives/32-Outgoing-TLS-verification-in-exim.html
Code:
remote_smtp:
  driver = smtp
  hosts_require_tls = *
  tls_tempfail_tryclear = false
  tls_verify_certificates = /etc/pki/tls/certs

But this always requires TLS, while not all servers are TLS-enabled yet.

Is there a way to do this on Exim?
 
If you haven't yet found a response then I'd suggest that the exim-users mailing list may be a better place to ask. When you've got the answer be sure to reply back and let us know.

Jeff
 
Hi Jeff, I was hoping you had some insight into this.
I really hate those mailing lists. They are so 1990s.

But I will give it a shot. Of course I'll let you know how to solve this.
 
I think I have the answer.
Chapter 41, section 9 of the Exim manual states:
Code:
 It is not necessary to set any options to have TLS work in the smtp transport. If Exim is built with TLS support, and TLS is advertised by a server, the smtp transport always tries to start a TLS session. However, this can be prevented by setting hosts_avoid_tls (an option of the transport) to a list of server hosts for which TLS should not be used.
So basically Exim does it by default.
Yet when I send an email from my home to that server, to an email on another server,
the headers do not state that the other server has received the message over TLS.
Yet it says that Exim has received it through SSLv3 from my home PC.

UPDATE.
Found the answer.
The 'problem' was in the Postfix configuration.
It had an option: smtpd_tls_received_header = yes
to enable the header change. Now it mentions which protocol it uses to receive messages.
 
Now I'm only a little confused :).

Is the final destination server a Postfix server?

Jeff
 
Hi Jeff,

Sorry to confuse you.

Yes, the final MTA was a Postfix server,
and it didn't add the protocol (TLS/SSL) to the email headers,
so I thought Exim didn't send through TLS.

Thanks for the support though.
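
Added example, not part of the thread: because the recipient's Received header only shows TLS when the receiving server is configured to record it (as found above with smtpd_tls_received_header), the sending Exim's own main log is a more reliable place to confirm outbound TLS. The sketch below assumes Exim's default logging, where a delivery line carries an `X=` cipher field when the session was encrypted; the log lines, host names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim mainlog format (not taken from the thread).
SAMPLE_LOG = """\
2014-06-02 10:15:01 1WrQxA-0001aB-2c <= alice@example.net H=home.example.net [198.51.100.7] P=esmtpsa X=TLSv1:AES256-SHA:256 S=1432
2014-06-02 10:15:03 1WrQxA-0001aB-2c => bob@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.10] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 C="250 2.0.0 Ok"
2014-06-02 10:15:03 1WrQxA-0001aB-2c Completed
2014-06-02 10:20:44 1WrR2f-0001cD-9x => carol@example.com R=dnslookup T=remote_smtp H=mail.example.com [203.0.113.5] C="250 OK"
2014-06-02 10:21:10 1WrR3k-0001dE-Lp -> dave@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.10] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 C="250 2.0.0 Ok"
2014-06-02 10:22:00 1WrR4a-0001eF-Qq => eve <eve@localhost> R=localuser T=local_delivery
"""

# "=>" is a first delivery, "->" an additional address in the same delivery.
DELIVERY = re.compile(r"^\S+ \S+ \S+ (?:=>|->) (?P<rest>.*)$")
# KEY=value fields; a quoted value (the C="..." SMTP response) is taken whole.
FIELD = re.compile(r"(?:^| )(?P<key>[A-Z]+)=(?P<val>\"[^\"]*\"|\S+)")


def audit(log_text, transport="remote_smtp"):
    """Count encrypted and clear-text deliveries per remote host."""
    report = defaultdict(lambda: {"tls": 0, "clear": 0, "ciphers": set()})
    for line in log_text.splitlines():
        m = DELIVERY.match(line)
        if not m:
            continue  # arrivals ("<="), "Completed" and other lines
        fields = {f.group("key"): f.group("val")
                  for f in FIELD.finditer(m.group("rest"))}
        # Only remote deliveries through the named smtp transport matter here.
        if fields.get("T") != transport or "H" not in fields:
            continue
        entry = report[fields["H"]]
        if "X" in fields:  # X= is logged only when TLS was negotiated
            entry["tls"] += 1
            entry["ciphers"].add(fields["X"])
        else:
            entry["clear"] += 1
    return dict(report)


def cleartext_hosts(report):
    """Hosts that received at least one delivery without TLS."""
    return sorted(h for h, e in report.items() if e["clear"])


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for host, e in sorted(result.items()):
        print(host, "tls=%d clear=%d" % (e["tls"], e["clear"]), sorted(e["ciphers"]))
    print("clear-text hosts:", cleartext_hosts(result))
```

Hosts reported as clear-text are the ones that a `hosts_require_tls = *` setting, as in the workaround quoted in the first post, would stop delivering to.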
 