Auteur: Jakob Hirsch Datum: Aan: Mark Edwards CC: exim-users Onderwerp: Re: [exim] Secure authentication and tls_on_connect
Mark Edwards wrote:
> client is set to port 465. However, in the default setting, if you
> simply choose "This server requires secure authentication" OE Mac
> seems to do its normal routine of checking on 25 to see if LOGIN
> authentication is offered, and then switches to 465 to do tls on
> connect.
Wow... are you _really_ sure about that? That is so wrong and stupid that
I can hardly believe somebody would do it.
In my experience, by "secure authentication" OE means NTLM/SPA, which Exim
does support. MacOE's behaviour could be some sort of fallback, like "I
saw the server supports LOGIN, but no NTLM. We want to be secure, so I use
smtps".
> That is, unless anyone has any way around this catch-22.
You could offer LOGIN and reject AUTH LOGIN in acl_smtp_auth if the
connection is not encrypted. But that is a very bad hack and could be even
to late, as the client could have sent his auth data with the AUTH LOGIN.