Re: [exim] mysql authentication problem...

Author: W B Hacker
Date:  
To: exim-users
Subject: Re: [exim] mysql authentication problem...
Ted Cooper wrote:
> On Fri, 2009-10-09 at 20:00 +0100, Mike Cardwell wrote:
>> John Doe wrote:
>>> I have another question: how can I allow only encrypted/authenticated connections?
>> By specifying this in your authenticator you're saying "Only advertise
>> authentication as an available option if the connection is already
>> encrypted" :
>>
>> server_advertise_condition = ${if def:tls_cipher }
>>
>> If the client tries to use a feature that hasn't been advertised,
>> they'll get an error. So as it stands, you shouldn't be able to
>> authenticate unless the connection is encrypted... Is that not what
>> you're seeing?
>
> I've found I can't use this method with Outlook clients - if I don't
> advertise all the time, Outlook will never attempt to authenticate even
> after it has started an encrypted session. My end solution was to allow
> users to authenticate without encryption but reject all authenticated,
> non-encrypted attempts in acl_smtp_mail.
>


It works properly with LookOUT here, but I don't have:

server_advertise_condition = ${if def:tls_cipher }

..

I have [1]:

server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}

e.g. not def

All I need to do in the ACLs then is grant bypassing of rDNS checking to those
who are:

- on port 587 AND encrypted AND authenticated


Bill

[1] that expression can be written more tersely, but I tend to forget what the
goal was when things are too short. Blue pills don't help ...
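
The two ACL approaches described in this thread, written out as an Exim configuration fragment. This is an added example, not configuration posted by anyone in the thread; the ACL names, the stanza placement and the rejection messages are assumptions.

```exim
# Added example (not from the thread). ACL names and message texts are
# assumptions. Variable names follow the 2009-era messages; newer Exim
# releases call $tls_cipher $tls_in_cipher.
#
# Both advertise conditions quoted in the thread test the same thing, namely
# that $tls_cipher is non-empty:
#   server_advertise_condition = ${if def:tls_cipher}
#   server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}

# --- main configuration section ---
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt

begin acl

# Ted Cooper's approach: AUTH is advertised on every connection, so mail is
# refused from any session that authenticated without TLS.
# Caveat: AUTH precedes MAIL, so by the time this rule fires the client has
# already sent its credentials over the unencrypted connection.
acl_check_mail:
  deny    message       = Authentication is only accepted over TLS
          authenticated = *
          !encrypted    = *

  accept

# W B Hacker's approach: a client skips the rDNS test only when all three
# conditions hold (port 587 AND encrypted AND authenticated).
acl_check_rcpt:
  accept  condition     = ${if eq{$received_port}{587}}
          encrypted     = *
          authenticated = *

  # Everyone else must pass the reverse DNS check.
  deny    message       = Reverse DNS check failed for $sender_host_address
          !verify       = reverse_host_lookup

  # The site's remaining relay and recipient checks follow here; they are
  # not shown in the thread.
```

Conditions listed in one ACL statement are ANDed, which is why the three lines under `accept` express the "587 AND encrypted AND authenticated" rule directly.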