On Fri, 2009-10-09 at 20:00 +0100, Mike Cardwell wrote:
> John Doe wrote:
> > I have another question: how can I allow only encrypted/authenticated connections?
>
> By specifying this in your authenticator you're saying "Only advertise
> authentication as an available option if the connection is already
> encrypted":
>
> server_advertise_condition = ${if def:tls_cipher }
>
> If the client tries to use a feature that hasn't been advertised,
> they'll get an error. So as it stands, you shouldn't be able to
> authenticate unless the connection is encrypted... Is that not what
> you're seeing?

I've found I can't use this method with Outlook clients - if I don't
advertise all the time, Outlook will never attempt to authenticate even
after it has started an encrypted session. My end solution was to allow
users to authenticate without encryption but reject all authenticated,
non-encrypted attempts in acl_smtp_mail.
--
The Exim manual -
http://docs.exim.org
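
The workaround described in the reply above, sketched as an Exim configuration fragment. This is an added example, not the poster's actual configuration; the ACL name `acl_check_mail` is an assumption, and the authenticators are assumed to have no `server_advertise_condition`, so AUTH is advertised on every connection.

```exim
# Main configuration section: run this ACL for every MAIL FROM command.
# (acl_check_mail is an assumed name; use whatever your config calls it.)
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # Refuse any session that authenticated without negotiating TLS first.
  # The AUTH exchange has already taken place by the time MAIL is seen,
  # so this blocks mail submission over plaintext; it does not stop a
  # client from sending its credentials unencrypted.
  deny    authenticated = *
          !encrypted    = *
          message       = Authenticated mail is accepted over TLS only; enable STARTTLS

  # Everything else continues to the later ACLs (RCPT, DATA) as usual.
  accept
```

Because the rejection arrives at MAIL rather than at AUTH, a misconfigured client exposes its password once before the user sees the error, so rotating credentials that appear in such rejections is a reasonable follow-up.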