Forcing TLS to and from a specific domain in Exim

JimmyTIO

Hi,

I need to require tls connections for a specific domain when emailing.
I'm not familiar with the Exim advanced configuration editor and I don't see the settings needed in the "Add additional configuration setting".

Research indicates to add to Exim configuration:
hosts_require_tls = example.com

The info below is a few years old and I'm not sure if it's still valid or possible using cPanel.
I'm also concerned if this would affect other default cPanel Exim settings.


----------------------------------------------------------
Forcing TLS to and from a specific domain.
From Forcing TLS to and from a specific domain · Exim/exim Wiki · GitHub
Code:
In your "domainlist" section add e.g.:

domainlist tls_force_domains = example.com : *.example.com : forcetls.com : *.forcetls.com


In acl_check_rcpt (just before require verify = sender):

deny  message        = This domain ($sender_address_domain) requires a TLS connection which is not present
      sender_domains = +tls_force_domains
      ! encrypted    = *

In routers:

tls_router:
  driver = dnslookup
  domains = +tls_force_domains
  transport = tls_smtp

In transports:

tls_smtp:
  driver = smtp
  hosts_require_tls = *
-------------------------------------------------------------
I have a dedicated server using
CENTOS 6.9 x86_64 standard
cPanel & WHM 64.0 (build 36)
Exim 4.89

Any help would be appreciated.
Thanks
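
An added example, not part of the original post or the Exim wiki: one way to check that the per-domain enforcement quoted above is working is to scan the Exim main log for SMTP arrivals (`<=`) and deliveries (`=>`) involving the listed domains that lack the `X=` TLS cipher field. The log lines are constructed samples, the function names are hypothetical, and the check assumes Exim's default `tls_cipher` log selector is enabled.

```python
import re

# Same patterns as the tls_force_domains domainlist quoted in the post.
TLS_FORCE_DOMAINS = ["example.com", "*.example.com", "forcetls.com", "*.forcetls.com"]

# Exim mainlog: date, time, message id, flag ("<=" arrival, "=>"/"->" delivery), rest.
LINE_RE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->) (?P<rest>.*)$")
ADDR_RE = re.compile(r"([^\s<>@]+)@([^\s<>@]+)")

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '2017-08-14 10:00:01 1dhXYZ-0001aB-2c <= alice@example.com H=mail.example.com [192.0.2.10] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=1234',
    '2017-08-14 10:00:05 1dhXYZ-0001aB-2c => bob@forcetls.com R=tls_router T=tls_smtp H=mx.forcetls.com [192.0.2.20] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes C="250 OK"',
    '2017-08-14 10:05:00 1dhABC-0002cD-3e <= carol@sub.example.com H=relay.example.com [192.0.2.11] P=esmtp S=2048',
    '2017-08-14 10:06:00 1dhDEF-0003eF-4g => dave@example.com R=dnslookup T=remote_smtp H=mx.example.com [192.0.2.12] C="250 OK"',
    '2017-08-14 10:07:00 1dhGHI-0004gH-5i => erin@other.net R=dnslookup T=remote_smtp H=mx.other.net [192.0.2.30] C="250 OK"',
]

def domain_forced(domain, patterns=TLS_FORCE_DOMAINS):
    """Exim-style match: a leading '*' matches any prefix, otherwise exact."""
    domain = domain.lower()
    for p in (p.lower() for p in patterns):
        if (p.startswith("*") and domain.endswith(p[1:])) or domain == p:
            return True
    return False

def plaintext_violations(log_lines):
    """Return (message id, direction, address) for forced-TLS domains logged without X=."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or " H=" not in m["rest"]:
            continue  # not an SMTP arrival or remote delivery line
        inbound = m["flag"] == "<="
        # Sender is the first token on "<=" lines; recipient precedes " R=" on deliveries.
        head = m["rest"].split(" ", 1)[0] if inbound else m["rest"].split(" R=")[0]
        addr = ADDR_RE.search(head)
        if not addr:
            continue  # e.g. a bounce with the null sender "<>"
        encrypted = re.search(r"(?:^|\s)X=\S+", m["rest"]) is not None
        if domain_forced(addr.group(2)) and not encrypted:
            hits.append((m["id"], "inbound" if inbound else "outbound", addr.group(0)))
    return hits

if __name__ == "__main__":
    for hit in plaintext_violations(SAMPLE_LOG):
        print(hit)
```

With the ACL and `tls_smtp` transport in place, both flagged sample messages would have been rejected or deferred instead of logged as completed, so any hit on a live log points to a message that bypassed the forced-TLS path.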
 

cPanelMichael

I need to require tls connections for a specific domain when emailing.
Hello,

The following option is already enabled by default under the "Security" tab in "WHM >> Exim Configuration Manager >> Basic Editor" with new cPanel installations:

Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server.

Is this option already enabled on your server? If so, then you should not have to make any additional changes to the Exim configuration.

Thank you.