Require STARTTLS and AUTH on ports 465 and 587?

kristian

From what I understand, both 465 and 587 are purely used by clients for submission. Because of that, it would make sense to always require authentication. With authentication, it would make sense to also always require an encrypted connection. For 465 this is taken care of by tls_on_connect_ports=465, but for 587 this seems to not be enforced. I found this article (https://help.directadmin.com/item.php?id=653) that suggests editing /etc/exim.conf directly, which seems like a bad idea, since those changes will be overwritten? I also noticed that port 587 requires AUTH for deliveries to any domain (local and remote), while port 465 only requires AUTH for deliveries to remote domains, and not local.

So to sum up, how do I:
1) Require STARTTLS prior to AUTH on port 587
2) Require AUTH for any and all deliveries on port 465
 
is the same as the one I linked to
No, it's not. You linked to the old help pages. I linked to the new docs, which also contain other information.
However, they do both suggest to make some customisation for exim.conf. But with the new docs you don't have to make any direct change. And no issue with future updates either.

As for your second question, yes I think there is. Because mail systems (especially for bigger providers which also use Exim) have to be as compatible as possible. There are still lots of ISPs around which let their users send mail via port 25 by default. So that's why Exim has this option by default I guess. Until the world is ready for it.
This is not a DA thing but an Exim thing.
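An added example, not part of the thread or of the DirectAdmin or Exim documentation: a check an administrator can run against their own server after changing the configuration, to confirm that port 587 offers AUTH only once STARTTLS has completed. The host name and the sample EHLO replies are constructed, and the function names are hypothetical.

```python
import smtplib
import ssl

# Constructed EHLO reply bodies (status codes already stripped, as smtplib stores them).
GOOD_PRE = "mail.example.test Hello client\nSIZE 52428800\nPIPELINING\nSTARTTLS\nHELP"
WEAK_PRE = "mail.example.test Hello client\nSIZE 52428800\nAUTH PLAIN LOGIN\nSTARTTLS\nHELP"
GOOD_POST = "mail.example.test Hello client\nSIZE 52428800\nPIPELINING\nAUTH PLAIN LOGIN\nHELP"


def parse_ehlo(reply):
    """Map each EHLO keyword to its parameter string."""
    caps = {}
    for line in reply.splitlines()[1:]:  # first line is the server greeting
        # Some servers also send the legacy "AUTH=LOGIN" form; normalise it.
        parts = line.strip().replace("AUTH=", "AUTH ", 1).split(None, 1)
        if parts:
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return caps


def audit_587(pre_tls, post_tls):
    """Return the policy violations found in the two EHLO replies."""
    before, after = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    problems = []
    if "STARTTLS" not in before:
        problems.append("STARTTLS not offered")
    if "AUTH" in before:
        problems.append("AUTH advertised before STARTTLS")
    if "AUTH" not in after:
        problems.append("AUTH not offered after STARTTLS")
    return problems


def probe_587(host, port=587, timeout=10):
    """Live check: collect EHLO replies before and after STARTTLS, then audit.

    This inspects what the server advertises; it does not attempt a login.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        pre = smtp.ehlo_resp.decode("latin-1")
        if not smtp.has_extn("starttls"):
            return audit_587(pre, "")
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # capabilities must be re-read after the TLS handshake
        return audit_587(pre, smtp.ehlo_resp.decode("latin-1"))


if __name__ == "__main__":
    print(audit_587(WEAK_PRE, GOOD_POST))  # offline demo on constructed data
```

An empty list from `probe_587("your.mail.host")` means the advertised behaviour matches point 1 of the question; point 2 (AUTH for all deliveries on 465) is not covered by this check.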
 