Khyron wrote:
> To answer the questions:
>
> I am running Solaris 9 SPARC with Exim 4.22 /w PAM support
> compiled in (verified with ldd).
>
> I only want to allow AUTH over encrypted connections; I'm
> using a self-signed certificate.
You can control that you will not ACCEPT unencrypted auth with this
simple acl.
acl_smtp_auth = check_auth
check_auth:
accept encrypted = *
deny message = You need to use TLS for authentication
In your authenticator-settings, you can use the
server_advertise_condition to control when a AUTH-method will be
advertised (so you can control that CRAM-MD5 goes over unencrypted
connections, but PLAIN/LOGIN only via encrypted connections)
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
you can also use auth_advertise_hosts.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
Your choice. ;)
Nico
--
There ain't nothin' in this world that's worth being a snot over.
--Larry Wall in <1992Aug19.041614.6963@???>
