Re: [Exim] Forcing tls authentication

Author: Philip Hazel
Date:  
To: Christopher Curtis
CC: Exim Users Mailing List
Subject: Re: [Exim] Forcing tls authentication
On Sat, 3 Nov 2001, Christopher Curtis wrote:

> > What exactly do you mean by "local mail"? Exim should always accept mail
> > for any domains in local_domains, whether or not the sending host is
> > authenticated.
>
> This does not appear to be the case. If I set auth_hosts=* I get:
> MAIL FROM: ccurtis@???
> 530 Authentication required
>
> Without bothering to find out where it's going to.


Right! Now I understand. Indeed, that will be the case for auth_hosts=*.
I was thinking of the case of

> >   auth_over_tls_hosts = *           <= must use TLS before AUTH
> >   host_auth_accept_relay = *        <= may relay if authenticated


> The whole scenario is this: This machine sits at an ISP on an isolated
> network. There are these three conditions:
>
> Sender          Recipient        Action
> ------          ---------        ------
> non-local mail  non-local mail   reject
> non-local mail  local mail       deliver if remote_sender valid (callback)
> local mail      remote mail      require TLS, authentication; deliver
> local mail      local mail       require TLS, authentication; deliver


I think you will probably have to wait for Exim 4 to do what you want.
It's all much more flexible there in that you *can* look at the
recipient (and sender) before checking authentication and encryption.
One of the motivations for the big upheaval that is Exim 4 was to allow
for much more flexibility in this area.

I am now pretty confident that the first alpha release of Exim 4 will be
around the end of this month.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.