[exim] forcing smtp

I'd like to force users sending mail to the smtp submission port 587
to (1) be forced to use tls and (2) be force to authenticate. In
the acl_check_rcpt I have the rule:

--
deny
      condition = ${if and{{eq{$interface_port}{587}} {eq{$tls_cipher} 
{}} } }
      message   = All port 587 connections must use TLS
--

which works fine to force people to use tls on port 587 users but I'm
not sure how to go about point (2).