Re: [exim] SSL questions

Author: keith
Date:  
To: exim-users
Subject: Re: [exim] SSL questions
>
> First of all, only advertise tls support on ports other than 25:
>
> tls_advertise_hosts = ${if eq{$interface_port}{25}{}{*}}
>
> For forcing encryption on ports other than 25, you can only really check
> at the "MAIL FROM" stage. In your acl_smtp_mail acl:
>
> deny condition = ${if eq{$interface_port}{25}{false}{true}}
>       condition = ${if eq{$tls_cipher}{}{true}{false}}
>       message   = You must be using encryption to submit mail over this port
>
> I think you can do something like "encrypted = *" rather than checking
> tls_cipher there if you want.
>
> For the different auth methods depending on encryption, you need to use
> the server_advertise_condition option in your authenticators. Eg if you
> only want to offer PLAIN auth on encrypted connections:
>
> server_advertise_condition = ${if def:tls_cipher}
>
> Mike
>


That's great, looks like exactly what I was after.

Thanks,
Keith.
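
An added example, not part of the original thread: a small Python check that reads an EHLO reply and reports where a listener deviates from the advertisement policy quoted above (no STARTTLS on port 25, STARTTLS on other ports, PLAIN only once the session is encrypted). The function names and the sample replies are constructed for illustration; the MAIL FROM enforcement in the ACL is not covered, because it is not visible in an EHLO reply.

```python
import re

# Matches one extension line of a 250 reply: keyword plus optional parameters.
EXT_LINE = re.compile(r"250[- ]([A-Za-z0-9-]+)(?:[ =](.*))?$")

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    extensions = {}
    # The first line is the greeting (hostname), not an extension keyword.
    for line in reply.strip().splitlines()[1:]:
        match = EXT_LINE.match(line.strip())
        if match:
            params = (match.group(2) or "").upper().split()
            extensions[match.group(1).upper()] = params
    return extensions

def check_policy(port, encrypted, reply):
    """Return the deviations from the quoted policy seen in one EHLO reply.

    port      -- local port the reply was captured on
    encrypted -- True if the EHLO was sent after TLS was established
    """
    ext = parse_ehlo(reply)
    problems = []
    if port == 25 and "STARTTLS" in ext:
        problems.append("STARTTLS advertised on port 25")
    if port != 25 and not encrypted and "STARTTLS" not in ext:
        problems.append("STARTTLS missing on submission port")
    if not encrypted and "PLAIN" in ext.get("AUTH", []):
        problems.append("AUTH PLAIN offered before TLS")
    return problems

# Constructed sample replies (hostnames and addresses are placeholders).
GREETING = "250-mail.example.test Hello client.example.test [192.0.2.10]\n"
PORT25 = GREETING + "250-SIZE 52428800\n250-PIPELINING\n250 HELP"
SUBMISSION_CLEAR = GREETING + "250-SIZE 52428800\n250-STARTTLS\n250 HELP"
SUBMISSION_TLS = GREETING + "250-SIZE 52428800\n250-AUTH PLAIN LOGIN\n250 HELP"
MISCONFIGURED = GREETING + "250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"

if __name__ == "__main__":
    for name, port, enc, reply in [
        ("port 25", 25, False, PORT25),
        ("587 before TLS", 587, False, SUBMISSION_CLEAR),
        ("587 after TLS", 587, True, SUBMISSION_TLS),
        ("587 misconfigured", 587, False, MISCONFIGURED),
    ]:
        print(name, "->", check_policy(port, enc, reply) or "ok")
```

Feed it the EHLO replies captured on each listening port, once before and once after STARTTLS.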