Re: [Exim] Forcing tls authentication

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Christopher Curtis
CC: Exim Users Mailing List
Subject: Re: [Exim] Forcing tls authentication
On Wed, 31 Oct 2001, Christopher Curtis wrote:

> I want to act as an open relay for anyone who has authenticated themselves
> using a TLS connection.


> SMTP<< EHLO m1.bar.com
> SMTP>> 250-m1.bar.com Hello m1.foo.com
> 250-SIZE
> 250-PIPELINING
> 250-AUTH LOGIN
> 250 HELP
> SMTP<< MAIL FROM:<ccurtis@???>
> ccurtis@??? in sender_reject? no (option unset)
> ccurtis@??? in sender_reject_recipients? no (option unset)
> SMTP>> 250 <ccurtis@???> is syntactically correct
> SSL_write(SSL, 80c6890, 61)
> Calling SSL_read(80d66d8, 80e62e0, 4096)
> SMTP<< RCPT TO:<ccurtis@???>
> host in host_accept_relay? no (end of list)
> host in tls_host_accept_relay? no (option unset)
> SMTP>> 550 relaying to <ccurtis@???> prohibited by administrator
>
> ... So everything is working, except the client did not authenticate, and
> it doesn't seem exim even looked for an option to force it to.


Exim cannot force it to. All it can do is to advertise that it supports
LOGIN authentication. That is has done, in response to EHLO. It is up to
the client to decide whether to use it or not. The problem here is in
your client.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.