From: Phil Pennock <exim-users@???>
> Since you're on 4.63, you can also use $auth2 instead of $2, for clarity
> (just double-checked, the clearer names were introduced in 4.61).
done, thx.
>> I have another question: how can I allow only encrypted/authenticated
>> connections?
>
> In the ACL logic for the MAIL or RCPT commands, you write rules which
> state that if not on port 25, then you "require" an encrypted connection
> and you require that $authenticated_id be set; that's part of what your
> using server_set_id buys you.
>
> RCPT probably better, some clients allegedly get confused if the MAIL
> command fails.
>
> The cleanest way of doing it is likely to be to have a sub-ACL for doing
> the check, which returns accept for port 25, or for both authenticated
> and encrypted, else returns reject, and then use "require acl = ..." in
> the RCPT logic.
Hum... I must say that I have very poor knowledge of exim syntax...
Been using copy/paste so far. Something like the following?
PORT25 = ${if ={25}{$interface_port}}
PORT587 = ${if ={587}{$interface_port}}
acl_check_rcpt:
deny message = TLS required
condition = PORT25 : PORT587
Or would that block too much?
I understand that the following will prevent other servers to connect...?
acl_smtp_mail:
deny !encrypted = *
message = TLS required
accept
Thx,
JD
