Re: [Exim] Exim 4: auth_advertise_hosts

Author: Philip Hazel
Date:  
To: Matthew Byng-Maddick
CC: exim-users
Subject: Re: [Exim] Exim 4: auth_advertise_hosts
On Thu, 7 Mar 2002, Matthew Byng-Maddick wrote:

> On Thu, Mar 07, 2002 at 05:11:08PM +0000, Matt Bernstein wrote:
> > ..is not the right option but I couldn't think of a better subject..
> > I want to advertise STARTTLS everywhere, and only when the client has
> > successfully done this do I want to advertise AUTH. Can I do this?
>
> No.
>
> ``Advertisement'' happens as the reply to the EHLO command. By which time
> you haven't issued STARTTLS.


No.

After a successful start of a TLS session, you are back at square one.
All previous information must be discarded, and the client must send
EHLO again. Furthermore, even in the absence of TLS, a client may send
HELO/EHLO multiple times if it wants to. It acts like RSET. RFC 2821
says:

   Since EHLO implies some additional processing and response by the
   server, RSET will normally be more efficient than reissuing that
   command, even though the formal semantics are the same.
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


To answer the original question: Yes, you can.

auth_advertise_hosts, being a host list, is always expanded in Exim 4.
So you can write:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

and it should achieve what you want. I haven't tested it, though...

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
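
Added example, not part of the original message and not Exim code: a small Python check for the behaviour discussed above, namely that AUTH appears only in the EHLO reply sent after STARTTLS. The function names, the sample replies and the host mail.example.test are constructed for illustration.

```python
import re
import smtplib

def parse_ehlo(raw):
    """Return {KEYWORD: [params]} from a raw multi-line 250 reply to EHLO."""
    exts = {}
    for line in raw.strip().splitlines()[1:]:   # line 1 is the greeting, not an extension
        m = re.match(r"250[- ](\S.*)$", line.strip())
        if not m:
            continue
        parts = re.split(r"[ =]", m.group(1), maxsplit=1)  # also accepts old "AUTH=LOGIN"
        exts[parts[0].upper()] = parts[1].split() if len(parts) > 1 else []
    return exts

def check_auth_policy(before_tls, after_tls):
    """Compare the EHLO reply sent in clear with the one sent after STARTTLS."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered on the cleartext connection")
    if "AUTH" in pre:
        findings.append("AUTH advertised before TLS: " + " ".join(pre["AUTH"]))
    if "AUTH" not in post:
        findings.append("AUTH not advertised after TLS")
    return findings

def probe(host, port=25):
    """Live check of a server you run: (auth_before_tls, auth_after_tls)."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = s.has_extn("auth")
        s.starttls()
        s.ehlo()                  # session state was reset, so EHLO is sent again
        return before, s.has_extn("auth")

# Constructed sample replies; mail.example.test is a placeholder host.
CLEAR_OK = "250-mail.example.test Hello client\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 HELP"
TLS_OK = "250-mail.example.test Hello client\r\n250-SIZE 52428800\r\n250-AUTH PLAIN LOGIN\r\n250 HELP"
CLEAR_BAD = CLEAR_OK.replace("250-STARTTLS", "250-STARTTLS\r\n250-AUTH PLAIN LOGIN")

if __name__ == "__main__":
    print(check_auth_policy(CLEAR_OK, TLS_OK))    # intended configuration
    print(check_auth_policy(CLEAR_BAD, TLS_OK))   # AUTH leaks into the cleartext reply
```

check_auth_policy works on captured replies, while probe performs the same comparison against a live listener through smtplib.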