Re: [exim] Secure authentication and tls_on_connect

Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [exim] Secure authentication and tls_on_connect
On Tue, 6 Dec 2005 18:19:44 -0800, Mark Edwards
<mark@???> wrote:
>I want to set up authentication in exim so that users may only
>authenticate securely, to eliminate the possibility of passwords
>being passed in the clear. To this end, I have added the recommended
>line to my authenticators:
>
> server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>
>Works great, except it breaks Outlook Express Mac, which uses the
>tls_on_connect functionality. Outlook works fine if the LOGIN
>authenticator has no server_advertise_condition set, but breaks
>otherwise, claiming the server doesn't support authentication.
>Unfortunately, if I remove server_advertise_condition from my
>LOGIN authenticator, other clients can then be set to authenticate in
>the clear, which I do not want.
>
>Can anyone suggest a way to allow Outlook Express Mac clients to
>connect without offering the possibility of any unencrypted logins?


As Stephen says correctly, OjE doesn't do STARTTLS, so you need to run
a tls on connect server on port 465. Additionally, you might need to
fake the AUTH prompt since OjE breaks the RfCs in so many different
ways.

http://www.exim.org/eximwiki/AuthenticatedSmtpForBrokenClients

might help here.

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
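
The setup discussed in this thread, written out as an added configuration example (not taken from either message): port 465 runs TLS-on-connect, and AUTH is advertised only on encrypted sessions. The certificate paths, the password file and the crypteq credential check are placeholder assumptions, and the broken-client workaround from the wiki link is not included.

```exim
# Added example; paths and the credential check are placeholder assumptions.

# --- main section ---
# Port 25 offers STARTTLS; port 465 starts TLS immediately on connect,
# for clients that cannot issue STARTTLS.
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465
tls_advertise_hosts = *
tls_certificate = /etc/exim/PLACEHOLDER.crt
tls_privatekey = /etc/exim/PLACEHOLDER.key

# Global guard: the AUTH keyword is advertised to no host while
# $tls_cipher is empty, and to every host once a cipher is negotiated.
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

# --- authenticators section ---
begin authenticators

login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  # Placeholder check: crypt()ed passwords in a "user: hash" lsearch file.
  # An unknown user fails the lookup and is rejected.
  server_condition = ${lookup{$auth1}lsearch{/etc/exim/PLACEHOLDER.passwd}{${if crypteq{$auth2}{$value}{yes}{no}}}{no}}
  server_set_id = $auth1
  # Weak form: without the next line LOGIN is offered on cleartext
  # sessions too. With it, the mechanism is listed only under TLS;
  # on port 465 a cipher is already negotiated before the first EHLO.
  server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
```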