Re: [exim] SSL questions

Page principale
Supprimer ce message
Répondre à ce message
Auteur: keith
Date:  
À: exim-users
Sujet: Re: [exim] SSL questions
>
> First of all, only advertise tls support on ports other than 25:
>
> tls_advertise_hosts = ${if eq{$interface_port}{25}{}{*}}
>
> For forcing encryption on ports other than 25, you can only
> really check
> at the "MAIL FROM" stage. In your acl_smtp_mail acl:
>
> deny condition = ${if eq{$interface_port}{25}{false}{true}}
>       condition = ${if eq{$tls_cipher}{}{true}{false}}
>       message   = You must be using encryption to submit mail 
> over this port

>
> I think you can do something like "encrypted = *" rather than
> checking
> tls_cipher there if you want.
>
> For the different auth methods depending on encryption, you
> need to use
> the server_advertise_condition option in your authenticators.
> Eg if you
> only want to offer PLAIN auth on encrypted connections:
>
> server_advertise_condition = ${if def:tls_cipher}
>
> Mike
>


That's great, looks like exactly what I was after.

Thanks,
Keith.