Commit 2cebc142 authored by Claudemir Todo Bom's avatar Claudemir Todo Bom

* tls optional

parent e8ad211b
Pipeline #236 passed with stage
in 2 minutes and 20 seconds
......@@ -81,3 +81,10 @@ SRS_SECRET=SecredoDeEstado
### Disable automatic account expiration after 60 days without login
#WW_DISABLE_ACCOUNT_EXPIRATION=1
### disable forced encrypted conections
#WW_RELAX_TLS=1
### define to disable TLS announce for specific hosts (separated by ";")
#WW_NOTLSADVERTISE_HOSTS="192.0.2.1 ; 2001:db8::1"
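Review bot: The comment above `#WW_RELAX_TLS=1` does not say what the switch costs. In the Exim configuration of this same commit it removes the port-587 `deny` for unencrypted AUTH and the `encrypted = *` condition on the final accept in `check_auth`, so login credentials can be accepted over cleartext connections from any host. I would spell that out, e.g. `### allow AUTH without TLS on port 587 (credentials may cross the network unencrypted; leave unset unless required)`. The `WW_NOTLSADVERTISE_HOSTS` comment could also note that, as far as the visible rules show, the listed hosts are not offered STARTTLS and would be refused AUTH on 587 unless `WW_RELAX_TLS` is set as well; that pairing looks intended but is worth confirming.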
......@@ -87,6 +87,10 @@ hostlist localhost = <; 127.0.0.0/8 ; ::1
hostlist submitter_hosts = <; 127.0.0.0/8 ; ::1 ; WW_SUBMITTERS
hostlist relayers = <; 127.0.0.0/8 ; ::1 ; WW_RELAYERS ; WW_SUBMITTERS
.ifdef WW_NOTLSADVERTISE_HOSTS
hostlist notlsadvertisehosts = <; WW_NOTLSADVERTISE_HOSTS
.endif
hostlist auth_relay_hosts = *
hostlist iana_lacnic = 177.0.0.0/8 : 179.0.0.0/8 : 181.0.0.0/8 : 186.0.0.0/8 : 187.0.0.0/8 : 189.0.0.0/8 : 190.0.0.0/8 : 200.0.0.0/8 : 201.0.0.0/8
......@@ -119,7 +123,12 @@ hostlist websites = 127.0.0.1
tls_on_connect_ports = 465
tls_certificate = /etc/exim4/ssl/fullchain.pem
tls_privatekey = /etc/exim4/ssl/privkey.pem
.ifndef WW_NOTLSADVERTISE_HOSTS
tls_advertise_hosts = *
.else
tls_advertise_hosts = ! +notlsadvertisehosts
.endif
# Specify the domain you want to be added to all unqualified addresses
# here. Unqualified addresses are accepted only from local callers by
......@@ -790,10 +799,12 @@ check_auth:
accept
hosts = +localhost
.ifndef WW_RELAX_TLS
deny
!encrypted = *
condition = ${if eq {$interface_port}{587}}
message = 5.7.1 AUTH encryption is required
.endif
# Deny if AUTH isn't on submission port (autolist enabled)
deny
......@@ -801,10 +812,11 @@ check_auth:
!condition = ${if eq {$interface_port}{465}}
message = 5.7.1 AUTH requires submission port
# Accept if encrypted (should not get here if unencrypted)
# Final accept (should not get here on normal conditions)
accept
.ifndef WW_RELAX_TLS
encrypted = *
.endif
#!!# ACL that is used after the VRFY command
check_vrfy:
......
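Review bot: `WW_RELAX_TLS` drops the encryption requirement in `check_auth` for every client, not only for the hosts named in `notlsadvertisehosts`: the `.ifndef` removes the whole port-587 `deny` and leaves the final `accept` unconditional. If the goal is to serve a few legacy hosts that cannot use STARTTLS, a narrower form keeps the `deny` and exempts only those hosts, e.g. by adding `!hosts = +notlsadvertisehosts` to it, with the hostlist defined unconditionally (empty when the macro is unset). Whether plaintext mechanisms are offered on unencrypted connections also depends on the authenticators' `server_advertise_condition`, which is not visible here, and the body of `check_auth` starts outside these hunks.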