[Exim] Enforcing TLS and AUTH usage

Author: Jochen Gensch
Date:  
To: exim-users
Subject: [Exim] Enforcing TLS and AUTH usage
Hi!

I have a few questions regarding the use of TLS and SMTP AUTH.
My Exim should force anyone from anywhere to use SMTP AUTH and
optionally TLS. So actually all I did was set the options

---
tls_certificate = /usr/local/etc/exim/exim-ssl.pem
tls_privatekey = /usr/local/etc/exim/exim-ssl.pem
tls_advertise_hosts = *
---

and some authenticators.

---
begin authenticators

fixed_plaintext:
     driver = plaintext
     public_name = PLAIN
     server_prompts = :
     server_condition = ${if and {{eq{$2}{test}}{eq{$3}{test}}}{yes}{no}}
     server_set_id = $2


fixed_login:
     driver = plaintext
     public_name = LOGIN
     server_prompts = User Name : Password
     server_condition = \
     ${if and {{eq{$1}{test}}{eq{$2}{test}}}{yes}{no}}
     server_set_id = $1
---


Since then every MUA prompts for user/password on sending an e-mail. Sounds
good, but I haven't set any option that enforces the use of SMTP AUTH in
any way. All I have said was: advertise TLS to everyone. Nothing
about enforcing use of AUTH. So why is Exim always asking my MUAs from
external machines for a user/pass combination?

Second:

I don't need to supply a user/pass when I'm sending off a message from
the Exim server itself. For instance, I can log in via ssh on that
machine and simply send an e-mail to root by executing the command:

echo test | mail root


Third:

If I knew how to enforce the usage of TLS and SMTP AUTH on any
connection respectively, wouldn't I then reject any mail from other MTAs
on the internet trying to deliver e-mail to me?


I would be very glad if anyone could put some light into the dark, since
the Exim docs don't answer these questions in my (noob) eyes :-(

Cheers, Jochen
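
The trade-off raised in the third question, as an added configuration sketch that is not part of the original post: advertising AUTH only makes it available, while the RCPT ACL is where it gets enforced, so other MTAs can still deliver to local domains without it. The names `local_domains` and `acl_check_rcpt` and the use of port 587 for submission are assumptions of this example.

```exim
# Added example, not from the original post.
# --- main section ---
daemon_smtp_ports    = 25 : 587          # 587 as submission port (assumption)
domainlist local_domains = @             # domains this host is final for (assumption)

tls_advertise_hosts  = *
# Offer AUTH only after STARTTLS, so PLAIN/LOGIN credentials are never
# sent over an unencrypted session.
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

acl_smtp_rcpt        = acl_check_rcpt

begin acl

acl_check_rcpt:
  # No remote host: SMTP spoken on stdin/stdout by a local process.
  # (A plain "mail root" is a non-SMTP submission and never reaches this ACL.)
  accept  hosts         = :

  # Submission port: both TLS and AUTH are mandatory for every client.
  deny    message       = STARTTLS is required on the submission port
          condition     = ${if eq{$received_port}{587}}
         !encrypted     = *
  deny    message       = authentication is required on the submission port
          condition     = ${if eq{$received_port}{587}}
         !authenticated = *

  # Authenticated clients may send to any destination (relay).
  accept  authenticated = *

  # Unauthenticated peers, i.e. other MTAs on port 25, may deliver
  # to local domains only.
  accept  domains       = +local_domains

  deny    message       = relay not permitted, authenticate first
```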