Re: [exim] Secure authentication and tls_on_connect

Startseite
Diese Nachricht ist Teil des folgenden Threads:
M+\Der komplette Thread sortiert nach Datum
MMMMark Edwards am <-
MGiuliano Gavazzi am ->
Nachricht löschen
Nachricht beantworten
Autor: Jakob Hirsch
Datum:  
To: Mark Edwards
CC: exim-users
Betreff: Re: [exim] Secure authentication and tls_on_connect
Mark Edwards wrote:

> client is set to port 465. However, in the default setting, if you
> simply choose "This server requires secure authentication" OE Mac
> seems to do its normal routine of checking on 25 to see if LOGIN
> authentication is offered, and then switches to 465 to do tls on
> connect.

Wow... are you _really_ sure about that? That is so wrong and stupid that
I can hardly believe somebody would do it.

In my experience, by "secure authentication" OE means NTLM/SPA, which Exim
does support. MacOE's behaviour could be some sort of fallback, like "I
saw the server supports LOGIN, but no NTLM. We want to be secure, so I use
smtps".

> That is, unless anyone has any way around this catch-22.

You could offer LOGIN and reject AUTH LOGIN in acl_smtp_auth if the
connection is not encrypted. But that is a very bad hack and could be even
to late, as the client could have sent his auth data with the AUTH LOGIN.

I'd tell the MacOE users to use port 465.



Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-users
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim] problem(?) - SpamAssassin checks outgoing mailRe: [exim] Secure authentication and tls_on_connect->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)