[exim] help on TLS for ext. connection

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: user therion
Dátum:  
Címzett: Exim Users
Tárgy: [exim] help on TLS for ext. connection
hello,
I´m working my way through exim´s tls features.
In future I want to allow clients from outside (e.g.
mobile users) to connect secure to my exim server.In
this case (if I understand correct) I only need to
configure the "tls_server"-settings!?
so here is my config so far, LAN-clients could connect
"normal" and clients from outside must authenticate
first and then connects via tls:
...or is there a wrong thought?

# main config
hostlist relay_from_hosts = 127.0.0.1 :
192.168.20.0/24 : 192.168.10.0/24
[...]
tls_certificate = /etc/exim/cert/cert.pem
tls_privatekey = /etc/exim/cert/priv.pem
tls_advertise_hosts = *
tls_verify_hosts = ! relay_from_hosts
tls_verify_certificates = /etc/exim/certs/cacert.pem

# auth config
begin authenticators
fixed_plain:
  driver = plaintext
  public_name = PLAIN
  server_advertise_condition = ${if
eq{$tls_cipher}{}{no}{yes}}
  server_condition =
${lookup{$2}dbm{/etc/exim/authdb}\
    {${if eq{$value}{$3}{yes}{no}}}{no}}
  server_set_id = $2


I´m not really sure if this does what I want, perhaps
you can give me some tipps/reconfig?!
Which role does the relay_from_hosts play to allow
such a connection from outside??
MUST it be defined as relay_from_hosts = * ???
(security hole?)

thx



    

    
        
___________________________________________________________
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de