Home / server / Questions / 132913
Accepted
mhost
Asked: 2010-04-16 14:24:19 +0800 CST

Exim force TLS for specific destination domain

  • 772

I need to configure Exim to require TLS when sending emails to a specific domain.

I know that I can use

 hosts_require_tls = host

in the smtp transport. But it sounds like that requires that I set the host of the receiving mail server. I would instead like to specify the domain.

Also, if I use this, will all other hosts/domains work without TLS? Just want to confirm before I implement.

Thanks.

exim tls

3 Answers

  1. Best Answer

    you can use the recipient ACL and use the encrypted condition, see here.

    deny
    domains = secure.mail.org
    ! encrypted = *

    EDIT

    To force sending encrypted mail to some domains, you can create a "required tls" transport (specifying host_require_tls), and then create a router for the domains you want, e.g (untested):

    begin router

tls_router:
    driver = accept
    domains = secure.mail.com
    transport = tls_smtp

begin transport

tls_smtp:
    driver = smtp
    hosts_require_tls = *
    • 2

  2. hosts_require_tls can be a list or wild card such as *.example.net : example.net the same as any other list.

    Reverse configuration would be tls_hosts = *.example.net : example.net.

    Documentation for exim is at http://www.exim.org. Check host lists in chapter 7.

    • 0

  3. You use two Routers for remote delivery. The first has a domains = foo restriction, to apply only to your domain; most options are the same as the next Router, which handles normal remote delivery. But you also change the transport = ... option to transport = remote_smtp_tls.

    You then copy the remote_smtp Transport, duplicating it; call the new copy remote_smtp_tls and in it set hosts_require_tls = *

    • 0