On Tue, 6 Dec 2005 18:19:44 -0800, Mark Edwards
<mark@???> wrote:
>I want to set up authentication in exim so that users may only
>authenticate securely, to eliminate the possibility of passwords
>being passed in the clear. To this end, I have added the recommended
>line to my authenticators:
>
> server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>
>Works great, except it breaks Outlook Express Mac, which uses the
>tls_on_connect functionality. Outlook works fine if the LOGIN
>authenticator has no server_advertise_condition set, but breaks
>otherwise, claiming the server doesn't support authentication.
>Unfortunately, if I remove server_advertise_condition from from my
>LOGIN authenticator, other clients can then be set to authenticate in
>the clear, which I do not want.
>
>Can anyone suggest a way to allow Outlook Express Mac clients to
>connect without offering the possibility of any unencrypted logins?
As Stephen says correctly, OjE doesn't do STARTTLS, so you need to run
a tls on connect server on port 465. Additionally, you might need to
fake the AUTH prompt since OjE breaks the RfCs in so many different
ways.
http://www.exim.org/eximwiki/AuthenticatedSmtpForBrokenClients
might help here.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
