* Wayne Pascoe wrote (09/20/05 23:00):
> Hi all,
>
> I'm trying to get TLS working, and I want to authenticate against my
> courier authdaemon. I want my mail server to require auth before it
> will relay mail. I'm using Exim 4 on Gentoo.
>
This works for me (exim, Gentoo, pam rather than courier for auth):

acl_smtp_rcpt = acl_check_rcpt
tls_advertise_hosts = *
tls_certificate = /etc/exim/eximcert.pem

[ACLs]
acl_check_rcpt:
  [...]
  accept  authenticated = *
  [...]
  deny    message = Rejected recipient: relay not permitted \
                    without encrypted authentication

[Authenticators]
plain:
  driver = plaintext
  public_name = PLAIN
  # advertise AUTH only once the session is encrypted ($tls_cipher is set)
  server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
  # PLAIN: $2 is the login name, $3 the password
  server_condition = "${if pam{$2:$3}{1}{0}}"
  server_set_id = $2

login:
  driver = plaintext
  public_name = LOGIN
  server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
  server_prompts = "Username:: : Password::"
  # LOGIN: $1 is the login name, $2 the password
  server_condition = "${if pam{$1:$2}{1}{0}}"
  server_set_id = $1

Note: nothing in the SMTP transport, because what you've got is
requiring tls for all deliveries made by your exim, whereas what you
want is only to require tls for deliveries to your exim (in the case of
relaying, anyway). Also, no tls_verify_hosts.
I see that Tony has said exactly the same thing, only slightly terser.
--
Chris
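
One way to check that a server set up as in the reply above only offers AUTH once TLS is active (an added example, not part of the original message). The sample EHLO replies and the host name in them are constructed, and the function names are this example's own.

```python
import smtplib

def auth_mechanisms(ehlo_text):
    """Return the SASL mechanisms advertised in an EHLO reply."""
    mechs = set()
    for line in ehlo_text.splitlines():
        # Accept raw replies ("250-AUTH ...") and smtplib's code-stripped form.
        if line[:3].isdigit() and line[3:4] in ("-", " "):
            line = line[4:]
        words = line.upper().replace("=", " ").split()  # also old "AUTH=LOGIN"
        if words and words[0] == "AUTH":
            mechs.update(words[1:])
    return mechs

def offers_starttls(ehlo_text):
    return any(l.upper().rstrip().endswith("STARTTLS")
               for l in ehlo_text.splitlines())

def audit(pre_tls, post_tls):
    """Compare the EHLO replies before and after STARTTLS; return findings."""
    findings = []
    if auth_mechanisms(pre_tls):
        findings.append("AUTH advertised before STARTTLS (cleartext credentials)")
    if not offers_starttls(pre_tls):
        findings.append("STARTTLS not advertised")
    if not auth_mechanisms(post_tls):
        findings.append("no AUTH mechanisms advertised after STARTTLS")
    return findings

def probe(host, port=25):
    """Live check against your own server: EHLO, STARTTLS, EHLO again."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        pre, post = s.ehlo_resp.decode(), ""
        if s.has_extn("starttls"):
            s.starttls()   # certificate is not verified here; may be self-signed
            s.ehlo()
            post = s.ehlo_resp.decode()
    return audit(pre, post)

# Constructed sample replies (not captured from a real server).
PRE = "250-mail.example.org Hello client\n250-PIPELINING\n250-STARTTLS\n250 HELP"
POST = "250-mail.example.org Hello client\n250-AUTH PLAIN LOGIN\n250 HELP"
LEAKY = "250-mail.example.org Hello client\n250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"

if __name__ == "__main__":
    print(audit(PRE, POST))    # expected: no findings
    print(audit(LEAKY, POST))  # expected: AUTH offered in cleartext
```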