Difference between revisions of "Trusted Email Services"

From Halon, SMTP software for hosting providers
(On client submission port (587))
Line 32: Line 32:
 
</hsl>
 
</hsl>
  
=== On client submission port (587) ===
+
=== Mail Submission ===
  
Use the following script.
+
On client submission port (587) use the following script.
  
 
<hsl type="rcpt">
 
<hsl type="rcpt">
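Review bot: the renamed heading "=== Mail Submission ===" no longer names the port, while the page's sibling section is still titled "On server-to-server port (25)", so the two listener sections stop being parallel. Either keep the port in the heading or rename both sections together. The new sentence "On client submission port (587) use the following script." also reads better with a comma after "(587)".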
Line 41: Line 41:
 
</hsl>
 
</hsl>
  
And configure the following:
+
And the following configuration:
  
 
* Listener setting
 
* Listener setting
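Review bot: the replacement line "And the following configuration:" is a fragment with no verb, whereas the removed "And configure the following:" was an instruction to the reader. Suggest "And apply the following configuration:" so that the listener setting below still reads as a required step.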

Revision as of 15:02, 14 March 2016

// Submission clients: require STARTTLS, a protocol newer than TLSv1, and SASL authentication
function tes_check_client_policy()
{
    global $saslauthed, $tlsstarted, $tlsprotocol;
    if (!$tlsstarted)
        return false;
    if ($tlsprotocol == "SSLv2" or
        $tlsprotocol == "SSLv3" or
        $tlsprotocol == "TLSv1")
        return false;
    if (!$saslauthed)
        return false;
    return true;
}
// Member servers: require STARTTLS and a protocol newer than TLSv1.1
function tes_check_member_server_policy()
{
    global $tlsstarted, $tlsprotocol, $tlsciphers, $tlskeysize;
    if (!$tlsstarted)
        return false;
    if ($tlsprotocol == "SSLv2" or
        $tlsprotocol == "SSLv3" or
        $tlsprotocol == "TLSv1" or
        $tlsprotocol == "TLSv1.1")
        return false;
    return true;
}
function tes_check_nonmember_server_policy()
{
    global $tlsstarted, $tlsprotocol, $tlsciphers, $tlskeysize;

Mail Submission

On client submission port (587) use the following script.

if (!tes_check_client_policy())
    Reject("Client is not TES compliant");

And the following configuration:

  • Listener setting
    • Require TLS for AUTH

On server-to-server port (25)

Use the following script.

if (tes_is_member()) {
    if (!tes_check_member_server_policy())
        Reject("Member is not TES compliant");
} else {
    if (!tes_check_nonmember_server_policy())
        Reject("Server is not TES compliant");
}

Receiving DATA (25)

$result = DKIMSDID([$senderdomain]);
if ($result[$senderdomain] != "pass")
    Reject();
AddHeader("X-TES-Status", tes_is_member() ? "member" : "non-member");

Sending DATA (587)

DKIMSign($selector, $senderdomain, $rsakey);