Re: [exim] Secure authentication and tls_on_connect

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jakob Hirsch
Date:  
À: Mark Edwards
CC: exim-users
Sujet: Re: [exim] Secure authentication and tls_on_connect
Mark Edwards wrote:

> client is set to port 465. However, in the default setting, if you
> simply choose "This server requires secure authentication" OE Mac
> seems to do its normal routine of checking on 25 to see if LOGIN
> authentication is offered, and then switches to 465 to do tls on
> connect.


Wow... are you _really_ sure about that? That is so wrong and stupid that
I can hardly believe somebody would do it.

In my experience, by "secure authentication" OE means NTLM/SPA, which Exim
does support. MacOE's behaviour could be some sort of fallback, like "I
saw the server supports LOGIN, but no NTLM. We want to be secure, so I use
smtps".

> That is, unless anyone has any way around this catch-22.


You could offer LOGIN and reject AUTH LOGIN in acl_smtp_auth if the
connection is not encrypted. But that is a very bad hack and could be even
to late, as the client could have sent his auth data with the AUTH LOGIN.

I'd tell the MacOE users to use port 465.