Re: [Exim] Exim 4: auth_advertise_hosts

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Philip Hazel
Dátum:  
Címzett: Matthew Byng-Maddick
CC: exim-users
Tárgy: Re: [Exim] Exim 4: auth_advertise_hosts
On Thu, 7 Mar 2002, Matthew Byng-Maddick wrote:

> On Thu, Mar 07, 2002 at 05:11:08PM +0000, Matt Bernstein wrote:
> > ..is not the right option but I couldn't think of a better subject..
> > I want to advertise STARTTLS everywhere, and only when the client has
> > successfully done this do I want to advertise AUTH. Can I do this?
>
> No.
>
> ``Advertisment'' happens as the reply to the EHLO command. By which time
> you haven't issued STARTTLS.


No.

After a successful start of a TLS session, you are back at square one.
All previous information must be discarded, and the client must send
EHLO again. Furthermore, even in the absence of TLS, a client may send
HELO/EHLO multiple times if it wants to. It acts like RSET. RFC 2821
says:

   Since EHLO implies some additional processing and response by the
   server, RSET will normally be more efficient than reissuing that
   command, even though the formal semantics are the same.
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


To answer the original question: Yes, you can.

auth_advertise_hosts, being a host list, is always expanded in Exim 4.
So you can write:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

and it should achieve what you want. I haven't tested it, though...

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.