Re: [exim] mysql authentication problem...

Góra strony
Delete this message
Reply to this message
Autor: John Doe
Data:  
Dla: exim-users
Temat: Re: [exim] mysql authentication problem...
From: Alexey V. Degtyarev <alexey@???>
> > From: Phil Pennock
> > You want something like this (untested):
> >
> > acl_signedin_or25_check:
> >   accept condition = ${if ={25}{$interface_port}}
> >  require  authenticated = *
> >       condition = ${if def:tls_cipher}
> >        message = Must be authenticated over TLS
> >   accept

> >
> > and then inside acl_check_rcpt you would have:
> > require acl = acl_signedin_or25_check
>
> I think even more simple would be to use server_advertise_condition option for
> desired authenticator. This example should work as requested: LOGIN
> authentication mech won't be advertised (and won't be allowed even if
> requested) without TLS established:
>
> LOGIN:
>   driver                     = plaintext
>   server_set_id              = $auth1
>   server_prompts             = <| Username: | Password:
>   server_condition           = ${if saslauthd{{$auth1}{$auth2}}}
>   server_advertise_condition = ${if def:tls_cipher}


I do already have the server_advertise_condition (from the default configuration).
And it seems to work as when I try to authenticate on port 25, exim ignores the login/pass I provided.
But I am still allowed to send emails (unauthenticated).

What I am trying to do (which should be the same as most email servers):
- I want the server to receive emails normaly.
- I want the server to only allow sending emails from authenticated users (with encryption).

So, for sending emails, I want to 'block' port 25 (already removed 587 from daemon_smtp_ports) and only 'allow' port 465.
Or maybe, the following would be enough?

acl_check_rcpt:
  deny    !authenticated = *
               message         = Must be authenticated over TLS
   accept


I just want "if trying to send an email and not authenticated, deny".

Thx,
JD