Re: [Exim] encrypted auth, except for one user

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: 'Exim Users Mailing List'
Subject: Re: [Exim] encrypted auth, except for one user
On Wed, Oct 01, 2003 at 04:47:20PM +0100, Simon Bell wrote:
> How would i make it so that all users but one have to auth via an
> encrypted connection?
>
> I currently have this in my acl_check_auth:
>
> acl_check_auth:
>
>    accept local_parts = mobile
>    accept encrypted = *
>    accept condition = ${if eq {${uc:$smtp_command_argument}}\
>                       {yes}{no}}
>    deny message  = TLS encryption required


Perhaps you can check whether $server_set_id matches the username,
another possibility might be to use some clever expansion for
server_condition instead of "accept encrypted = *" that is forced to
fail if the connection is not encrypted and the user is not the
specific one.

BTW I do not understand your "accept condition", I think it is buggy, it
will _always_ return the empty string, it tests whether
$smtp_command_argument converted to uppercase is the string "yes" and
would then return "no", otherwise it returns an empty string, because
| The second string need not be present; if it is not and the condition
| is not true, the item is replaced with nothing.

          cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"