Re: [exim] Secure authentication and tls_on_connect

Author: Stephen Gran
Date:  
To: exim-users
Subject: Re: [exim] Secure authentication and tls_on_connect
On Tue, Dec 06, 2005 at 06:19:44PM -0800, Mark Edwards said:
> I want to set up authentication in exim so that users may only
> authenticate securely, to eliminate the possibility of passwords
> being passed in the clear. To this end, I have added the recommended
> line to my authenticators:
>
> server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>
> Works great, except it breaks Outlook Express Mac, which uses the
> tls_on_connect functionality. Outlook works fine if the LOGIN
> authenticator has no server_advertise_condition set, but breaks
> otherwise, claiming the server doesn't support authentication.
> Unfortunately, if I remove server_advertise_condition from my
> LOGIN authenticator, other clients can then be set to authenticate in
> the clear, which I do not want.
>
> Can anyone suggest a way to allow Outlook Express Mac clients to
> connect without offering the possibility of any unencrypted logins?


steve@mercury:~$ grep ssmtp /etc/services
ssmtp           465/tcp         smtps           # SMTP over SSL


You'll want to listen on port 465, and use the tls_on_connect option for
that port only. Check the spec for details.
--
--------------------------------------------------------------------------
|  Stephen Gran                  | I want EARS!  I want two ROUND BLACK    |
|  steve@???             | EARS to make me feel warm 'n secure!!   |
|  http://www.lobefin.net/~steve |                                         |

--------------------------------------------------------------------------
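
The setup suggested in the reply, written out as an Exim configuration fragment. This is an added example, not part of the original thread; the certificate and key paths are placeholders, and the authenticator name `login` and the port list are assumptions about the poster's setup.

```exim
# --- main configuration section ---

# Listen on the normal SMTP port and on 465.
daemon_smtp_ports = 25 : 465

# Start TLS immediately on connect for port 465 only. Port 25 keeps
# plain SMTP with STARTTLS available to clients that ask for it.
tls_on_connect_ports = 465

# Offer STARTTLS to every host on the non-tls_on_connect port.
tls_advertise_hosts = *

# Placeholder paths: point these at the real certificate and key.
tls_certificate = /path/to/exim.crt
tls_privatekey = /path/to/exim.key

# --- authenticators section ---
begin authenticators

login:
  driver = plaintext
  public_name = LOGIN
  # The existing server_prompts, server_condition and server_set_id
  # lines of this authenticator stay as they are.
  #
  # Advertise AUTH only when the session is already encrypted.
  # On port 465 $tls_cipher is set before the first EHLO, so AUTH is
  # offered there. On port 25 it is offered only after STARTTLS.
  server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
```

With this in place the `server_advertise_condition` from the original question can stay on every plaintext-style authenticator: a client that connects to port 25 and never issues STARTTLS is not offered AUTH at all.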