On Tue, Dec 06, 2005 at 06:19:44PM -0800, Mark Edwards said:
> I want to set up authentication in exim so that users may only
> authenticate securely, to eliminate the possibility of passwords
> being passed in the clear. To this end, I have added the recommended
> line to my authenticators:
>
> server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>
> Works great, except it breaks Outlook Express Mac, which uses the
> tls_on_connect functionality. Outlook works fine if the LOGIN
> authenticator has no server_advertise_condition set, but breaks
> otherwise, claiming the server doesn't support authentication.
> Unfortunately, if I remove server_advertise_condition from from my
> LOGIN authenticator, other clients can then be set to authenticate in
> the clear, which I do not want.
>
> Can anyone suggest a way to allow Outlook Express Mac clients to
> connect without offering the possibility of any unencrypted logins?
steve@mercury:~$ grep ssmtp /etc/services
ssmtp 465/tcp smtps # SMTP over SSL
You'll want to listen on port 465, and use the tls_on_connect option for
that port only. Check the spec for details.
--
--------------------------------------------------------------------------
| Stephen Gran | I want EARS! I want two ROUND BLACK |
| steve@??? | EARS to make me feel warm 'n secure!! |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
