Require STARTTLS for sending email in exim

Question

I have configured exim to work with dovecot (might be useful to point out) in both IMAP and SMTP auth. I need to make exim require STARTTLS + CRAM-MD5 when a client authenticates to send an email through it, but not for receiving.

I have tried many configuration options, including client_condition = (empty) in both LOGIN and PLAIN authenticators. With no luck.

How can I do this?

score 0 · Answer 1 · answered Feb 10 '13 at 15:10

0

You need to set

auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}

answered Feb 10 '13 at 15:10

topdog

3,520
17
13

If I do that I get a “Relay not permitted” error when trying to send emails. Know why is that? – Feb 11 '13 at 18:17
You need to make a TLS or SSL connection, and authenticate – topdog Feb 12 '13 at 13:30
My Thunderbird is configured to use STARTTLS for SMTP. Is that OK? – Feb 12 '13 at 13:56

score 0 · Answer 2 · answered Dec 05 '17 at 12:41

Add the "server_advertise_condition" option to your exim authenticator. For instance:

server_advertise_condition = ${if eq{$received_port}{587}{${if eq{$tls_in_cipher}{}{no}{yes}}}{no}}

This option offers authentication only if received port is 587 and connection is encrypted.

Require STARTTLS for sending email in exim

2 Answers2

Linked