Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Forcing TLS to and from a specific domain in Exim

Discussion in 'E-mail Discussions' started by JimmyTIO, Aug 14, 2017.

  1. JimmyTIO

    JimmyTIO Registered

    Joined:
    Aug 14, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    canada
    cPanel Access Level:
    Root Administrator
    Hi,

    I need to require tls connections for a specific domain when emailing.
    I'm not familiar with the Exim advanced configuration editor and I don't see the settings needed in the "Add additional configuration setting"

    Research indicates to add to Exim configuration:
    hosts_require_tls = example.com

    The info below is a few years old and I'm not sure if it's still valid or possible using cPanel.
    I'm also concerned if this would affect other default cPanel Exim settings.


    ----------------------------------------------------------
    Forcing TLS to and from a specific domain.
    From Forcing TLS to and from a specific domain · Exim/exim Wiki · GitHub
    Code:
    In your "domainlist" section add e.g.:
    
    domainlist tls_force_domains = example.com : *.example.com : forcetls.com : *.forcetls.com
    
    
    In acl_check_rcpt (just before require verify = sender):
    
    deny  message        = This domain ($sender_address_domain) requires a TLS connection which is not present
          sender_domains = +tls_force_domains
          ! encrypted    = *
    
    In routers:
    
    tls_router:
      driver = dnslookup
      domains = +tls_force_domains
      transport = tls_smtp
    
    In transports:
    
    tls_smtp:
      driver = smtp
      hosts_require_tls = *
    
    
    -------------------------------------------------------------
    I have a dedicated server using
    CENTOS 6.9 x86_64 standard
    cPanel & WHM 64.0 (build 36)
    Exim 4.89

    Any help would be appreciated.
    Thanks
     
    #1 JimmyTIO, Aug 14, 2017
    Last edited by a moderator: Aug 14, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The following option is already enabled by default under the "Security" tab in "WHM >> Exim Configuration Manager >> Basic Editor" with new cPanel installations:

    Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server.

    Is this option already enabled on your server? If so, then you should not have to make any additional changes to the Exim configuration.

    Thank you.
     
Loading...

Share This Page