Re: [exim] Authentication on port 587 and 25

Pàgina inicial
Delete this message
Reply to this message
Autor: Rick Boucher
Data:  
A: exim-users
Assumpte: Re: [exim] Authentication on port 587 and 25

On Jun 18, 2010, at 11:44 AM, Odhiambo Washington wrote:

>
>
> On Fri, Jun 18, 2010 at 9:28 PM, Rick Boucher <rboucher@???> wrote:
> I have authentication working on port 465.
>
> How can I get it working on port 587 and 25?
>
>
> Why did you limit it to port 465? Just change the rule that causes the limitation and also make sure you do not force every host to authenticate if you are accepting external mail.
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223


I did not mean to limit authentication to port 465. I just don't know what rulle to change to get authenitcation on port 587.

As I understand it (and by all means correct me please) tls deals with the authentication and ssl deals with the certificate. I want my users to be able to authenicate while traveling but not have to use a certificate.

From my exim.conf
-------------------------------------------------------
# Allow any client to use TLS.
tls_advertise_hosts = *
tls_try_verify_hosts = *


daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

tls_verify_certificates = /etc/exim/certs/cacert.pem
tls_certificate = /etc/exim/certs/my.crt
tls_privatekey = /etc/exim/certs/mycert.key
log_selector = +tls_peerdn


received_header_text = "Received: \
    ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
    {${if def:sender_ident {from ${sender_ident} }}\
    ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
    by ${primary_hostname} \
    ${if def:received_protocol {with ${received_protocol}}} \
    ${if def:tls_cipher {($tls_cipher)\n\t}}\
    ${if def:tls_peerdn {($tls_peerdn)(verified=$tls_certificate_verified)\n\t}} \
    (Exim ${version_number} #${compile_number})\n\t\
    id ${message_id}\
    ${if def:received_for {\n\tfor $received_for}}"



auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}

acl_check_rcpt:

# Added by Rick
accept hosts = :

  deny    local_parts   = ^.*[@%!/|] : ^\\.


  accept  local_parts   = postmaster
          domains       = +local_domains


  accept  hosts         = +relay_from_hosts


accept authenticated = *

  warn  log_message = verified peer dn $tls_peerdn
        condition = $tls_certificate_verified


accept condition = $tls_certificate_verified

#End add by Rick


-------------------------------------------------------

I can send via 25 and 587 just fine if I don't try to authenticate. To authenticate I have to use 465 and ssl.

So what do I need to change?

Rick