Re: [exim] AUTH over TLS only

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Magnus Holmgren
Date:  
À: exim-users
CC: Dennis Davis
Sujet: Re: [exim] AUTH over TLS only
Dennis Davis wrote:
> Use auth_advertise_hosts. From the spec:
>
> If you want to advertise the availability of AUTH only when the
> connection is encrypted using TLS, you can make use of the fact that
> the value of this option is expanded, with a setting like this:
>
>     auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

>
> If $tls_cipher is empty, the session is not encrypted, and the
> result of the expansion is empty, thus matching no hosts. Otherwise,
> the result of the expansion is *, which matches all hosts.


Stephen Gran wrote:
>
> It sounds like you want
>
> server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>
> on your authenticators.


I use

server_advertise_condition = ${if def:tls_cipher}

on my plain text authenticators. If you use e.g. CRAM-MD5 as well, you
might not want to require TLS for that.

--
Magnus Holmgren