Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Forcing TLS to and from a specific domain in Exim

Discussion in 'E-mail Discussion' started by JimmyTIO, Aug 14, 2017.

  1. JimmyTIO

    JimmyTIO Registered

    Aug 14, 2017
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

    I need to require tls connections for a specific domain when emailing.
    I'm not familiar with the Exim advanced configuration editor and I don't see the settings needed in the "Add additional configuration setting"

    Research indicates to add to Exim configuration:
    hosts_require_tls =

    The info below is a few years old and I'm not sure if it's still valid or possible using cPanel.
    I'm also concerned if this would affect other default cPanel Exim settings.

    Forcing TLS to and from a specific domain.
    From Forcing TLS to and from a specific domain · Exim/exim Wiki · GitHub
    In your "domainlist" section add e.g.:
    domainlist tls_force_domains = : * : : *
    In acl_check_rcpt (just before require verify = sender):
    deny  message        = This domain ($sender_address_domain) requires a TLS connection which is not present
          sender_domains = +tls_force_domains
          ! encrypted    = *
    In routers:
      driver = dnslookup
      domains = +tls_force_domains
      transport = tls_smtp
    In transports:
      driver = smtp
      hosts_require_tls = *
    I have a dedicated server using
    CENTOS 6.9 x86_64 standard
    cPanel & WHM 64.0 (build 36)
    Exim 4.89

    Any help would be appreciated.
    #1 JimmyTIO, Aug 14, 2017
    Last edited by a moderator: Aug 14, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

    The following option is already enabled by default under the "Security" tab in "WHM >> Exim Configuration Manager >> Basic Editor" with new cPanel installations:

    Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server.

    Is this option already enabled on your server? If so, then you should not have to make any additional changes to the Exim configuration.

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice