On Dec 8 James P. Roberts wrote:
>(1) upgrade from Exim 4.02 so I can use --tls-on-connect on port 465, instead
>of going through Stunnel. If I do this, will $tls_cipher be non-blank? Or is
>there another way to validate that the connection is encrypted, when using
>smtps?
Yes, yes and NULL. Off the top of my head:

  auth_advertise_hosts = ${if eq{$tls_cipher}{}{localhost}{*}}
  tls_advertise_hosts = *

RCPT ACL:

  accept  hosts = :
  accept  local_parts = postmaster : abuse
          domains = +local_domains : +relay_domains
  accept  authenticated = *
  [other "policy" stuff here]
  accept  domains = +local_domains : +relay_domains
  deny    sender_domains = +local_domains : +relay_domains
          encrypted = *
          message = SMTP authentication required
  deny    sender_domains = +local_domains : +relay_domains
          message = TLS/SSL encryption and SMTP authentication required
  deny    message = relaying not permitted

AUTH ACL:

  accept  encrypted = *
  accept  condition = ${if eq{${uc:$smtp_command_argument}}{CRAM-MD5}{yes}{no}}
  # maybe include SPA too..
  accept  hosts = localhost
  deny    message = STARTTLS required before plaintext AUTH
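
One way to check from a remote host that the advertisement settings above behave as intended (an added example, not part of the original post and not Exim code): the script parses the EHLO replies seen before and after STARTTLS and reports any AUTH offered on an unencrypted connection. The function names, sample replies, hostnames and addresses are constructed for illustration.

```python
import smtplib

PLAINTEXT = {"PLAIN", "LOGIN"}  # mechanisms that put the password on the wire

def ehlo_keywords(reply):
    """Map each EHLO keyword to its parameter set; accepts raw '250-' lines
    or the prefix-stripped text that smtplib returns."""
    found = {}
    for line in reply.splitlines():
        text = line.strip()
        if text[:3] == "250" and text[3:4] in ("-", " ", ""):
            text = text[4:]  # drop the reply code and its separator
        words = text.replace("=", " ").upper().split()  # also handles legacy "AUTH=..."
        if words:
            found.setdefault(words[0], set()).update(words[1:])
    return found

def audit(pre_tls, post_tls):
    """Return a list of findings; an empty list means the policy holds."""
    pre, post = ehlo_keywords(pre_tls), ehlo_keywords(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not advertised on the plaintext connection")
    if "AUTH" in pre:
        clear = sorted(pre["AUTH"] & PLAINTEXT)
        findings.append("AUTH advertised before TLS" +
                        (" (plaintext: " + ", ".join(clear) + ")" if clear else ""))
    if "AUTH" not in post:
        findings.append("AUTH not advertised after STARTTLS")
    return findings

def probe(host, port=25):
    """Fetch both EHLO replies from a live server; run it from a remote host."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        pre = s.ehlo()[1].decode()
        s.starttls()  # no certificate check: only the advertisement is inspected
        post = s.ehlo()[1].decode()
    return pre, post

# Constructed sample replies (hostnames and addresses are made up).
GOOD_PRE = "250-mail.example.test Hello [192.0.2.10]\n250-SIZE 52428800\n250-STARTTLS\n250 HELP"
GOOD_POST = "250-mail.example.test Hello [192.0.2.10]\n250-SIZE 52428800\n250-AUTH PLAIN LOGIN CRAM-MD5\n250 HELP"
BAD_PRE = "250-mail.example.test Hello [192.0.2.10]\n250-AUTH PLAIN LOGIN\n250 HELP"

if __name__ == "__main__":
    print(audit(GOOD_PRE, GOOD_POST))  # policy holds
    print(audit(BAD_PRE, GOOD_POST))   # AUTH exposed without TLS
```

Against a live server, pass the result of probe() straight in: audit(*probe("mail.example.test")).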