[exim] Secure authentication and tls_on_connect

Top Page
Delete this message
Reply to this message
Author: Mark Edwards
Date:  
To: exim-users
Subject: [exim] Secure authentication and tls_on_connect
I want to set up authentication in exim so that users may only
authenticate securely, to eliminate the possibility of passwords
being passed in the clear. To this end, I have added the recommended
line to my authenticators:

server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}

Works great, except it breaks Outlook Express Mac, which uses the
tls_on_connect functionality. Outlook works fine if the LOGIN
authenticator has no server_advertise_condition set, but breaks
otherwise, claiming the server doesn't support authentication.
Unfortunately, if I remove server_advertise_condition from from my
LOGIN authenticator, other clients can then be set to authenticate in
the clear, which I do not want.

Can anyone suggest a way to allow Outlook Express Mac clients to
connect without offering the possibility of any unencrypted logins?

Thanks!

--
Mark Edwards