[Exim] Enforcing TLS and AUTH usage

Góra strony
Delete this message
Reply to this message
Autor: Jochen Gensch
Data:  
Dla: exim-users
Temat: [Exim] Enforcing TLS and AUTH usage
Hi!

I have a few questions regarding the use of TLS and SMTP AUTH.
My Exim should force anyone from anywhere to use SMTP AUTH and
optionally TLS. So actually all I did was setting the options

---
tls_certificate = /usr/local/etc/exim/exim-ssl.pem
tls_privatekey = /usr/local/etc/exim/exim-ssl.pem
tls_advertise_hosts = *
---

and some authenticators.

---
begin authenticators

fixed_plaintext:
     driver = plaintext
     public_name = PLAIN
     server_prompts = :
     server_condition = ${if and {{eq{$2}{test}}{eq{$3}{test}}}{yes}{no}}
     server_set_id = $2


fixed_login:
     driver = plaintext
     public_name = LOGIN
     server_prompts = User Name : Password
     server_condition = \
     ${if and {{eq{$1}{test}}{eq{$2}{test}}}{yes}{no}}
     server_set_id = $1
---


Since then every MUA prompts for User/passw on sending an e-mail. Sounds
good, but I haven't set any option that enforces the use of SMTP AUTH in
any way. Anything I have said was, advertise TLS to everyone. Nothing
about enforce use of AUTH. So why is Exim always asking my MUAS from
external machines for an user/pass combination?

Second:

I don't need to supply a user/pass when I'm sending off a message from
the exim server itself. For instance, I can login via ssh on that
machine an simply send an e-mail to root by executing the command:

echo test | mail root


Third:

If I would know how to enforce the usage of TLS and SMTP AUTH on any
connection respectively, wouldn't I then reject any mails from other MTA
on the internet trying to deliver e-mail to me?


I would be very glad if anyone could put some light into the dark, since
the exim docs don't answer these question in my (noob) eyes :-(

Cheers, Jochen