Re: [exim] Problems getting TLS working

Author: Chris Lear
Date:  
To: Wayne Pascoe
CC: exim-users
Subject: Re: [exim] Problems getting TLS working
* Wayne Pascoe wrote (09/20/05 23:00):
> Hi all,
>
> I'm trying to get TLS working, and I want to authenticate against my
> courier authdaemon. I want my mail server to require auth before it
> will relay mail. I'm using Exim 4 on Gentoo.
>


This works for me (exim, Gentoo, pam rather than courier for auth):

acl_smtp_rcpt = acl_check_rcpt

tls_advertise_hosts = *

tls_certificate = /etc/exim/eximcert.pem

[ACLs]

acl_check_rcpt:
[...]
  accept  authenticated = *
[...]
  deny    message       = Rejected recipient: relay not permitted without encrypted authentication


[Authenticators]
plain:
driver = plaintext
public_name = PLAIN
server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
server_condition = "${if pam{$2:$3}{1}{0}}"
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
server_prompts = "Username:: : Password::"
server_condition = "${if pam{$1:$2}{1}{0}}"
server_set_id = $1


Note: nothing in the SMTP transport, because what you've got is
requiring tls for all deliveries made by your exim, whereas what you
want is only to require tls for deliveries to your exim (in the case of
relaying, anyway). Also, no tls_verify_hosts.

I see that Tony has said exactly the same thing, only slightly terser.

--
Chris
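
A way to check an authenticators section for the pattern used in the reply above, where PLAIN and LOGIN are only advertised once `$tls_cipher` is non-empty. This is an added example, not part of the original message or of Exim itself; the function names and the `legacy_login` authenticator are hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample: "plain" mirrors the authenticator in the post;
# "legacy_login" is a hypothetical one that lacks the TLS test.
SAMPLE = r'''
plain:
  driver = plaintext
  public_name = PLAIN
  server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
  server_condition = "${if pam{$2:$3}{1}{0}}"

legacy_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if pam{$1:$2}{1}{0}}"
'''

# $tls_cipher as used in the post; $tls_in_cipher is its newer name in Exim.
TLS_VARS = re.compile(r"\$\{?tls_(in_)?cipher\b")

def parse_authenticators(text):
    """Return {name: {option: value}} from an authenticators section."""
    auths, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"([A-Za-z0-9_]+):", line)
        if m:
            current = auths.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return auths

def cleartext_exposed(text):
    """Names of plaintext-driver authenticators advertised without a TLS test."""
    exposed = []
    for name, opts in parse_authenticators(text).items():
        if opts.get("driver") != "plaintext":
            continue
        if not TLS_VARS.search(opts.get("server_advertise_condition", "")):
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    for name in cleartext_exposed(SAMPLE):
        print(f"{name}: AUTH is advertised with no check that TLS is active")
```

The check is a heuristic on the per-authenticator option only: it does not evaluate the condition, and it does not see a TLS test placed in the main-section `auth_advertise_hosts` option instead.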