Re: [Exim] Exim 4 AUTH ACL

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MPhilip Hazel at <-
M 
Delete this message
Reply to this message
Author: Matt Bernstein
Date:  
To: exim-users
Subject: Re: [Exim] Exim 4 AUTH ACL
On Jan 11 Philip Hazel wrote:

>> lovely, but I want to require TLS for AUTH LOGIN and AUTH PLAIN (granted
>> it's a little late by then, but..), but to accept AUTH CRAM-MD5.
>
>Look in $smtp_command_argument. You can use a "condition" condition to
>test it. I'll try to make this fact a bit more prominent in the doc.

Lovely (as usual :), perhaps this sort of ACL might be a useful example:

# Do our best to prevent passwords being sent in clear text:
# ie require TLS for AUTH PLAIN or AUTH LOGIN but accept AUTH CRAM-MD5.
# If we advertise STARTTLS, clients shouldn't do the wrong thing
# by attempting an AUTH PLAIN with the password which we deny
# even though by then it's too late!

acl_check_auth:
accept encrypted = *

accept condition = ${if eq{${uc:$smtp_command_argument}}{CRAM-MD5}{yes}{no}}

deny message = TLS encryption (or CRAM-MD5) required for SMTP AUTH



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Passing mail through directors as well as routers section?[Exim] Mailer-daemon email address.->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)