Require STARTTLS for sending email in exim

eximsmtp

I have configured exim to work with dovecot (might be useful to point out) in both IMAP and SMTP auth. I need to make exim require STARTTLS + CRAM-MD5 when a client authenticates to send an email through it, but not for receiving.

I have tried many configuration options, including client_condition = (empty) in both LOGIN and PLAIN authenticators. With no luck.

How can I do this?

Best Answer

You need to set

auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}

Related Solutions

Freebsd – exim virtual domains vs main domain – rewriting rules

The first mail servers (of which Exim is derived from a very early one) were designed at a time when it was common for an email address for userX@example.com to belong to a real unix user named "userX". As such, when it constructs the Sender header and other headers, it would use the username @ default_domainname. The username part is referred to in Exim as the local_part.

In modern systems, it is much more common to have virtual users, where an exim server can receive email to a domain that is not the default domain, and the local_part is likely not a valid local user, or there may be multiple email addresses all with the same local_part. In systems like this, instead of authenticating as "userX", it's more common to authenticate as "userX@example.com". Exim internally will treat that whole string as the username unless you configure it otherwise.

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-message_processing.html#SECTsubmodnon

The control = submission line tells exim to apply certain fixups to the message that gets submitted, including creating those headers you mentioned. Change it to:

control = submission/sender_retain

to indicate that you want Exim to treat the submitted name as the full userX@example.com instead of just the local_part, meaning exim won't try to append the default domain name to what was submitted. The exim documentation linked above has a lot of great detail on this whole message submission and fixup process.

Can’t send or receive email with Postfix (times out)

The logs are self explanatory for outbound email, in your case email sent to gmail. Your mail server can't connect to Gmail's mail servers on port 25. You can simply verify this by telneting to Gmail's mail server from your mail server -

 telnet gmail-smtp-in.l.google.com. 25
 telnet alt1.gmail-smtp-in.l.google.com. 25
 telnet alt2.gmail-smtp-in.l.google.com. 25

Your dns is working, as your mail server was able to retrieve the MX records for gmail. I would presume Comcast is blocking outbound port 25 connections.

Best Answer

Related Solutions

Freebsd – exim virtual domains vs main domain – rewriting rules

Can’t send or receive email with Postfix (times out)

Related Topic