Thanks for the feedback, guys. I actually figured out how to do it in a
somewhat less efficient manner but it has the benefit of giving separate
error messages for lack of tls and lack of authentication so the user
gets a more descriptive error if they're missing one or the other:
--
.
.
.
deny
condition = ${if and{{eq{$interface_port}{587}} {eq{$tls_cipher}{}} } }
message = All port 587 connections must use TLS
deny
condition = ${if and{{eq{$interface_port}{587}} {eq{$sender_host_authenticated}{}} } }
message = All port 587 connections must be Authenticated
.
.
.
--
Darren....
Renaud Allard wrote:
> Mike Cardwell wrote:
>
>> Darren Jacobs wrote:
>>
>>
>>> I'd like to force users sending mail to the smtp submission port 587
>>> to (1) be forced to use tls and (2) be forced to authenticate. In
>>> the acl_check_rcpt I have the rule:
>>>
>>> --
>>> deny
>>> condition = ${if and{{eq{$interface_port}{587}} {eq{$tls_cipher}{}} } }
>>> message = All port 587 connections must use TLS
>>> --
>>>
>>> which works fine to force people to use tls on port 587 users but I'm
>>> not sure how to go about point (2).
>>>
>> deny condition = ${if eq{$interface_port}{587}}
>> !authenticated = *
>> message = You must be authenticated to submit mail over port $interface_port
>>
>>
>
> You have been faster than me, I was just correcting my post to put the same ACL
> as you.
>
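
An added example, not part of the original thread or of Exim: a Python check an administrator can run against their own server to confirm that both deny rules in acl_check_rcpt take effect on port 587. The host argument and the example.invalid addresses are placeholders, and no DATA command is sent, so no mail is delivered.

```python
import smtplib
import ssl
import sys

# Placeholder addresses (assumptions); the probe stops after RCPT TO.
SENDER = "probe@example.invalid"
RCPT = "postmaster@example.invalid"
HELO_NAME = "probe.example.invalid"

def rcpt_code(session):
    """Send MAIL FROM then RCPT TO; return the MAIL code if it was refused, else the RCPT code."""
    code, _ = session.mail(SENDER)
    if code >= 400:
        return code
    code, _ = session.rcpt(RCPT)
    return code

def probe_submission(host, port=587, timeout=10):
    """Attempt RCPT in cleartext, then over STARTTLS, never authenticating."""
    results = {}
    with smtplib.SMTP(host, port, local_hostname=HELO_NAME, timeout=timeout) as s:
        s.ehlo()
        results["starttls_offered"] = s.has_extn("starttls")
        results["cleartext_rcpt"] = rcpt_code(s)
    if results["starttls_offered"]:
        with smtplib.SMTP(host, port, local_hostname=HELO_NAME, timeout=timeout) as s:
            # The default context verifies the certificate; an untrusted one raises ssl.SSLError.
            s.starttls(context=ssl.create_default_context())
            s.ehlo()  # extensions must be re-read after STARTTLS
            results["tls_noauth_rcpt"] = rcpt_code(s)
    return results

def violations(results):
    """List the ways the observed replies contradict the port 587 policy."""
    found = []
    if results["cleartext_rcpt"] < 400:
        found.append("RCPT accepted without TLS")
    if not results["starttls_offered"]:
        found.append("STARTTLS not offered")
    elif results["tls_noauth_rcpt"] < 400:
        found.append("RCPT accepted over TLS without AUTH")
    return found

if __name__ == "__main__" and len(sys.argv) > 1:
    observed = probe_submission(sys.argv[1])
    print(observed, violations(observed) or "policy enforced")
```

Because the rules live in the RCPT ACL, the rejection is only visible at RCPT TO, which is why the probe goes that far instead of stopping at EHLO.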