Re: [exim] mysql authentication problem...

Góra strony
Delete this message
Reply to this message
Autor: Alexey V. Degtyarev
Data:  
Dla: John Doe, exim-users
CC: Phil Pennock
Temat: Re: [exim] mysql authentication problem...

> On 2009-10-13 at 09:12 -0700, John Doe wrote:
> > From: Phil Pennock <exim-users@???>
> > > Since you're on 4.63, you can also use $auth2 instead of $2, for clarity
> > > (just double-checked, the clearer names were introduced in 4.61).
> >
> > done, thx.
> >
> > >> I have another question: how can I allow only encrypted/authenticated
> > >> connections?


[...]

> Yes.
>
> You want something like this (untested):
>
> acl_signedin_or25_check:
> accept condition = ${if ={25}{$interface_port}}
>
>   require  authenticated = *
>            condition = ${if def:tls_cipher}
>        message = Must be authenticated over TLS

>
> accept
>
>
> and then inside acl_check_rcpt you would have:
>
> require acl = acl_signedin_or25_check
>
>
> Make sense?


I think even more simple would be to use server_advertise_condition option for
desired authenticator. This example should work as requested: LOGIN
authentication mech won't be advertised (and won't be allowed even if
requested) without TLS established:

LOGIN:
  driver                     = plaintext
  server_set_id              = $auth1
  server_prompts             = <| Username: | Password:
  server_condition           = ${if saslauthd{{$auth1}{$auth2}}}
  server_advertise_condition = ${if def:tls_cipher}



Check spec[1] for details.

[1] http://www.exim.org/exim-html-current/doc/html/spec_html/ch33.html#SECID168

--
Alexey V. Degtyarev