Skip to main content

SMTP relay towards M365 best practice, but with STARTTLS



  • mtindor

    By default Exim should automatically be attempting a TLS connection.   You should be able to see that by doing something like "grep remote_smtp /var/log/exim_mainlog|grep TLS" to show TLS connections, or "grep remote_smtp /var/log/exim_mainlog|grep -v TLS" to show non-TLS connections.

    When the cPanel server connects to the remote server, after HELO it then sends a STARTTLS command.   Either it gets a response that TLS is available and has started, or it gets a message from the remote server like "500 Unknown or unimplemented command", which means the remote server doesn't support TLS.  At that point, unless you have Exim set up to force TLS and not make any connection to remote servers not capable of TLS, it will always try to connect over TLS and will do so as long as the remote server supports TLS and there are matching available SSL/TLS protocols and ciphers available.

  • dandadude

    Thank you very much, you are absolutely right!

    Case is solved then, thanks for the great answer!


Please sign in to leave a comment.