Re: [Exim] acl_smtp_auth options

Góra strony
Delete this message
Reply to this message
Autor: Calum Mackay
Data:  
Dla: aooi58
CC: exim-users
Temat: Re: [Exim] acl_smtp_auth options
Simon Bell wrote:
> Im currently using:
>
> acl_check_auth:
>
>    accept encrypted = *
>    accept condition = ${if eq {${uc:$smtp_command_argument}}\
>                       {yes}{no}}
>    deny message  = TLS encyption required

>
> to make sure people have to auth using ssl. However, id like to disable this
> for connections coming from localhost/127.0.0.1, but require it for all
> other connections. Is this possible?


I'm not sure about your condition; aren't you missing a second substring
in the eq condition?

Also, you have a typo in "encyption".

To answer your question, I think adding this:

    accept hosts = @[]


before the condition line should do it. This won't, I think, just let
all localhost in without AUTH, since it's in the AUTH acl. Haven't
tested it though.

This will allow, for AUTH, all connections coming from any IP address
the corresponds to an interface on the local system (not just
127.0.0.1). If you really wanted to limit it to 127.0.0.1, and for some
reason exclude the other network interfaces on this system, then:

    accept hosts = 127.0.0.1


would do it, I think.

cheers,
c.