Re: [Exim] restricting AUTH Plain/Login to TLS connectionsy

Top Pagina
Delete this message
Reply to this message
Auteur: Nico Erfurth
Datum:  
Aan: Matt Bernstein
CC: Giuliano Gavazzi, exim-users
Onderwerp: Re: [Exim] restricting AUTH Plain/Login to TLS connectionsy
Matt Bernstein wrote:
>>This is good but also restrict the choice of client software, unless
>>these users are only other servers...
>
>
> One application we have for such certificates is for our users who run
> MTAs at home. Stick something like the following very near the top of your
> RCPT ACL, and all your users' mails can be relayed through your virus
> scanner (and what other "policies" one may have :)
>
> # for MUAs
>
> accept authenticated = *
>
> # for MTAs
>
>   accept  encrypted = *
>           verify = certificate

>
> Another application is for off-site backup MXes.
>
>     "Send me a client cert I like and I won't bother doing my evil
>     RBL/fake-Hotmail/etc.. tests on you."

>
> Maybe an RBL to bypass local_scan() too (or choose which ones to invoke
> and which ones to skip, if they're going to be DSOs) would be nice in the
> long term. The system load on our (primary) mailer goes nuts after a
> network outage ;)


I would really like to see some kind of howto for this, how too use
root/server/user certificates with exim, and maybe other software.

Any pointers?

ciao