On Thu, 1 Nov 2001, Philip Hazel wrote:
> On Thu, 1 Nov 2001, Christopher Curtis wrote:
>
> > I'd like to suggest that Exim is broken in this regard. On a regular
> > (non-TLS) connection, Exim can be configured to respond with an error:
> >
> > 4xx: AUTHENTICATION REQUIRED
>
> I think there's a misunderstanding here. The auth_hosts option should
> apply whether or not a TLS connection is in use.
>
> auth_over_tls_hosts forces TLS before AUTH.
> auth_hosts forces AUTH before MAIL.
>
> So if you want to force AUTH over TLS before MAIL, you need to set both
> options.

Perhaps my understanding here is deficient, but here is the thing: I want
people running a MUA to be forced to do TLS. This works now because I
refuse to relay unless they are authenticated, and they can only
authenticate via TLS. This fails for local->local delivery (I can force
neither), but is the best I can get at this point. Nobody will be sending
mail directly from the machine or from its network, and will be sending
from various random networks from around the world as they travel.

The problem with forcing authentication is that this forces remote SMTP
servers to authenticate, which none do, so no local mail is ever
delivered. But they also do not do TLS (at least so far), so forcing the
TLS issue solves my AUTH issue. But what I can't do is make it force AUTH
if in TLS, which would solve the local->local problem.

But maybe I'm just going about the whole thing all wrong?

Chris