Re: [Exim] Enabling SMTP AUTH over SSL only (redux)

Author: Nico Erfurth
Date:  
To: Khyron
CC: exim-users
New-Topics: Exim + PAM on Solaris Re: [Exim] Enabling SMTP AUTH over SSL only (redux)
Subject: Re: [Exim] Enabling SMTP AUTH over SSL only (redux)
Khyron wrote:

> To answer the questions:
>
> I am running Solaris 9 SPARC with Exim 4.22 /w PAM support
> compiled in (verified with ldd).
>
> I only want to allow AUTH over encrypted connections; I'm
> using a self-signed certificate.


You can control that you will not ACCEPT unencrypted auth with this
simple acl.

acl_smtp_auth = check_auth

check_auth:
   accept  encrypted = *
   deny    message = You need to use TLS for authentication



In your authenticator settings, you can use
server_advertise_condition to control when an AUTH method will be
advertised (so you can control that CRAM-MD5 goes over unencrypted
connections, but PLAIN/LOGIN only via encrypted connections).

server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}

You can also use auth_advertise_hosts.

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

Your choice. ;)

Nico


--
There ain't nothin' in this world that's worth being a snot over.
        --Larry Wall in <1992Aug19.041614.6963@???>
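
Added example, not part of the original message: a small Python check that compares the EHLO reply before and after STARTTLS and reports AUTH mechanisms advertised on the cleartext connection, which is what server_advertise_condition and auth_advertise_hosts above are meant to prevent. The function names, the sample replies and the host mail.example.test are constructed for illustration.

```python
import smtplib

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}   # these send the password itself, base64 only

def auth_mechs(ehlo_resp):
    """Return the AUTH mechanisms listed in an EHLO reply (reply codes stripped)."""
    mechs = set()
    for line in ehlo_resp.splitlines()[1:]:          # line 0 is the greeting
        word, _, rest = line.strip().partition(" ")
        if word.upper() == "AUTH":
            mechs.update(m.upper() for m in rest.split())
        elif word.upper().startswith("AUTH="):       # legacy "AUTH=LOGIN PLAIN" form
            mechs.update(m.upper() for m in (word[5:] + " " + rest).split())
    return mechs

def audit(before_tls, after_tls, strict=False):
    """strict=False: only PLAIN/LOGIN must be hidden before TLS (CRAM-MD5 allowed).
    strict=True: no AUTH at all before TLS (the auth_advertise_hosts variant)."""
    pre, post = auth_mechs(before_tls), auth_mechs(after_tls)
    leaked = pre if strict else pre & CLEARTEXT_MECHS
    findings = []
    if leaked:
        findings.append("advertised without TLS: " + ", ".join(sorted(leaked)))
    if not post:
        findings.append("no AUTH advertised after STARTTLS")
    return findings

def probe(host, port=25, context=None):
    """Capture both EHLO replies from a live server. For a self-signed
    certificate, pass an ssl.SSLContext that trusts that certificate."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = s.ehlo_resp.decode("ascii", "replace")
        s.starttls(context=context)
        s.ehlo()                                     # extensions are re-read after TLS
        return before, s.ehlo_resp.decode("ascii", "replace")

# Constructed sample replies in the form smtplib stores them in ehlo_resp.
LEAKY_BEFORE = "mail.example.test Hello\nSIZE 52428800\nAUTH PLAIN LOGIN CRAM-MD5\nSTARTTLS\nHELP"
GOOD_BEFORE = "mail.example.test Hello\nSIZE 52428800\nAUTH CRAM-MD5\nSTARTTLS\nHELP"
AFTER_TLS = "mail.example.test Hello\nSIZE 52428800\nAUTH PLAIN LOGIN CRAM-MD5\nHELP"

if __name__ == "__main__":
    for name, before in (("leaky", LEAKY_BEFORE), ("good", GOOD_BEFORE)):
        print(name, audit(before, AFTER_TLS) or "ok")
```

This only checks what is advertised; a client can still send AUTH without it being offered, and rejecting that is the job of the acl_smtp_auth ACL shown above.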