This is probably a more roundabout way, but...
receive non-encrypted messages on a non-standard port (8026 or
something)...
then have a separate auth for that.
This way, you don't even bother with SSL/non-SSL on the same port.
I'm picky and crazy like that though.
On Thursday, October 2, 2003, at 06:04 AM, Andreas Metzler wrote:
> On Wed, Oct 01, 2003 at 04:47:20PM +0100, Simon Bell wrote:
>> How would I make it so that all users but one have to auth via an
>> encrypted connection?
>>
>> I currently have this in my acl_check_auth:
>>
>> acl_check_auth:
>>
>> accept local_parts = mobile
>> accept encrypted = *
>> accept condition = ${if eq {${uc:$smtp_command_argument}}\
>> {yes}{no}}
>> deny message = TLS encryption required
>
> Perhaps you can check whether $server_set_id matches the username,
> another possibility might be to use some clever expansion for
> server_condition instead of "accept encrypted = *" that is forced to
> fail if the connection is not encrypted and the user is not the
> specific one.
>
> BTW I do not understand your "accept condition", I think it is buggy,
> it will _always_ return the empty string, it tests whether
> $smtp_command_argument converted to uppercase is the string "yes" and
> would then return "no", otherwise it returns an empty string, because
> | The second string need not be present; if it is not and the condition
> | is not true, the item is replaced with nothing.
> cu andreas
> --
> "See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
> fuhggvat qbja gur juveyvat tha.
> Neal Stephenson in "Snow Crash"
>
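
The second suggestion in the quoted reply, a server_condition that fails when the connection is not encrypted and the user is not the exempt one, could be written as below. This is an added example, not configuration posted by anyone in the thread; the PLAIN authenticator, its name, and the password file /etc/exim/passwd are assumptions.

```exim
# Added example; assumptions: PLAIN authenticator, crypt()ed passwords in the
# hypothetical file /etc/exim/passwd (one "user: hash" entry per line).
# Current variable names are used; older Exim releases spell them
# $tls_cipher, $2 and $3.

begin authenticators

plain_tls_unless_mobile:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_set_id = $auth2
  # Both parts must hold:
  #   1. the session is encrypted, OR the login name is "mobile"
  #   2. the password matches the stored hash
  # An unknown user forces the lookup to fail, which fails the authentication.
  server_condition = ${if and{\
      {or{{def:tls_in_cipher}{eq{$auth2}{mobile}}}}\
      {crypteq{$auth3}{${lookup{$auth2}lsearch{/etc/exim/passwd}{$value}fail}}}\
    }{yes}{no}}
```

The ACL for AUTH runs before the authenticator has decoded a username, so with this approach it has to let AUTH through on unencrypted sessions and leave the per-user decision to server_condition.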