author | W. Kosior <koszko@koszko.org> | 2025-03-12 07:49:38 +0100 |
---|---|---|
committer | W. Kosior <koszko@koszko.org> | 2025-03-12 07:49:38 +0100 |
commit | 49743f5565367da18acdfcded6c6428849aa7c45 (patch) | |
tree | af32a87cdff79d237aaba9ba5ca97fb5a744ad88 | |
parent | ddad86141f3cc809bfee806fd6dec36f5cec19e6 (diff) | |
Make TLS mandatory when sending to certain known domains.
-rw-r--r-- | exim.conf | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -23,6 +23,9 @@ localpartlist vmail_usernames = ${sg {${readfile{/var/vmail/passwd}{:::}}}\ {\N:?[^:]+:::\N}\ {:}} +domainlist tls_domains = disroot.org : gmail.com : gnu.org : \ + googlegroups.com : interia.pl : wp.pl + acl_smtp_rcpt = acl_check_rcpt .ifdef _HAVE_PRDR # currently does nothing @@ -164,6 +167,17 @@ acl_check_data: begin routers +dnslookup_mandatory_tls: + driver = dnslookup + domains = +tls_domains + transport = remote_smtp_mandatory_tls + same_domain_copy_routing = yes + ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; 192.168.0.0/16 ;\ + 172.16.0.0/12 ; 10.0.0.0/8 ; 169.254.0.0/16 ;\ + 255.255.255.255 ; ::1 + dnssec_request_domains = * + no_more + dnslookup: driver = dnslookup domains = ! +local_domains @@ -199,6 +213,12 @@ vmail_user: begin transports +remote_smtp_mandatory_tls: + driver = smtp + hosts_require_tls = * + dkim_domain = ${sender_address_domain} + helo_data = ${sender_address_domain} + remote_smtp: driver = smtp dkim_domain = ${sender_address_domain} |
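Review bot: The new `tls_domains` list matches only the exact domain names written in it, so mail to a subdomain of any entry is not caught by `domains = +tls_domains` and is left to the ordinary `dnslookup` router. If subdomains are meant to be covered, add wildcard entries such as `*.gnu.org` next to the bare names. Otherwise a comment above the list would make the limit explicit, for example `# exact-match only: subdomains are NOT forced onto TLS`.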
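Review bot: In `dnslookup_mandatory_tls`, `dnssec_request_domains = *` only asks for DNSSEC and still accepts unsigned MX answers, so for listed domains that are not signed the TLS requirement applies to whichever host the MX reply names. Where a listed domain is known to be signed, naming it in `dnssec_require_domains` would tie the route to validated DNS data; for the others the limitation deserves a comment. The router also depends on its position and on `no_more`: it has to stay ahead of the plain `dnslookup` router, and `no_more` is what keeps a declined lookup from falling through to it. I would record that in the file, e.g. `# must precede dnslookup; no_more prevents fallback to the non-mandatory-TLS route`.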
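Review bot: `remote_smtp_mandatory_tls` sets `hosts_require_tls = *` but no `tls_verify_hosts`, so the session is encrypted while a server certificate that fails verification is presumably still accepted (Exim's default is to try verification without enforcing it). That covers passive interception and STARTTLS stripping, but not an on-path host presenting its own certificate. Adding `tls_verify_hosts = *` to this transport would make the requirement authenticated, with `tls_verify_certificates` pointed at the system trust store if the build default does not already do so. Deliveries to a listed provider will then defer whenever its certificate does not validate, which is worth noting in a comment next to the option.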