hi fred,
> Morning already? Geez, I gotta get to bed! ;)
i KNEW i was forgetting something! 8-}
>> | here's the comparison ...
> OK, seems clear enough. When you have an encrypted session, you must
> be taking a different (and wrong) path through your DATA (or MIME)
> ACL.
hrm. rats. ^%*&%*. humbug. i swear i've looked ...
> Also of interest, you don't advertise SMTP AUTH in an unencrypted
> session, even though you support CRAM-MD5. So the non-TLS session
> isn't authenticated either.
i'm fairly certain that's on purpose:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
the idea being, unless a sending client is using TLS, don't advertise anything ... hence
(eventually) 'enforcing' use of TLS, no?
> Check your MIME (if you have one) and DATA ACLs for conditions
> referencing $tls_cipher, $authenticated_id, and/or
> $sender_host_authenticated.
will do. but i am simply too bleary eyed tonight ...
i'll report back what i find tomorrow.
thx again!
richard
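
The check fred suggests above, as an added example that is not part of the original message: a Python script that lists every reference to $tls_cipher, $authenticated_id or $sender_host_authenticated inside the ACLs named by acl_smtp_data and acl_smtp_mime. The sample configuration, its ACL names and the function name are constructed for illustration.

```python
import re

# Variables named in fred's reply. "def:name" is Exim's is-defined test and
# references a variable without the leading "$".
WATCHED = re.compile(
    r"(?:\$\{?|def:)(tls_cipher|authenticated_id|sender_host_authenticated)\b")

# Constructed sample configuration (not richard's actual file).
SAMPLE = """\
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

begin acl

acl_check_mime:
  deny    condition = ${if eq{$tls_cipher}{}{no}{yes}}
          message   = constructed example rule

acl_check_data:
  accept  condition = ${if def:authenticated_id}
  warn    condition = ${if eq{$sender_host_authenticated}{}}
  accept

begin routers
"""

def find_tls_auth_conditions(config_text):
    """Return (acl_name, line_no, variable) hits inside the DATA and MIME ACLs."""
    # Assumption: both options are set to a plain ACL name, not an expansion.
    targets = set(re.findall(r"^\s*acl_smtp_(?:data|mime)\s*=\s*(\w+)\s*$",
                             config_text, re.M))
    hits, in_acl, current = [], False, None
    for no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # comment line
        section = re.match(r"\s*begin\s+(\w+)", line)
        if section:                       # "begin acl", "begin routers", ...
            in_acl, current = section.group(1) == "acl", None
            continue
        label = re.match(r"(\w+):\s*$", line)
        if in_acl and label:              # start of a named ACL
            current = label.group(1)
            continue
        if in_acl and current in targets:
            hits += [(current, no, m.group(1)) for m in WATCHED.finditer(line)]
    return hits

for hit in find_tls_auth_conditions(SAMPLE):
    print("%s: line %d references %s" % hit)
```

The auth_advertise_hosts line in the main section is deliberately not reported: only conditions inside the DATA and MIME ACLs can send an encrypted session down a different path at that stage.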