hello,
I´m working my way through exim´s tls features.
In future I want to allow clients from outside (e.g.
mobile users) to connect secure to my exim server.In
this case (if I understand correct) I only need to
configure the "tls_server"-settings!?
so here is my config so far, LAN-clients could connect
"normal" and clients from outside must authenticate
first and then connects via tls:
...or is there a wrong thought?
# main config
hostlist relay_from_hosts = 127.0.0.1 :
192.168.20.0/24 : 192.168.10.0/24
[...]
tls_certificate = /etc/exim/cert/cert.pem
tls_privatekey = /etc/exim/cert/priv.pem
tls_advertise_hosts = *
tls_verify_hosts = ! relay_from_hosts
tls_verify_certificates = /etc/exim/certs/cacert.pem
# auth config
begin authenticators
fixed_plain:
driver = plaintext
public_name = PLAIN
server_advertise_condition = ${if
eq{$tls_cipher}{}{no}{yes}}
server_condition =
${lookup{$2}dbm{/etc/exim/authdb}\
{${if eq{$value}{$3}{yes}{no}}}{no}}
server_set_id = $2
I´m not really sure if this does what I want, perhaps
you can give me some tipps/reconfig?!
Which role does the relay_from_hosts play to allow
such a connection from outside??
MUST it be defined as relay_from_hosts = * ???
(security hole?)
thx
___________________________________________________________
Telefonate ohne weitere Kosten vom PC zum PC:
http://messenger.yahoo.de
