Do you have something like this in your authenticators?
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
That causes exim to only advertise the authenticator over a connection
on which TLS has been negotiated.
--John
On Mon, Jun 21, 2010 at 7:52 PM, Rick Boucher <rboucher@???> wrote:
>
> On Jun 18, 2010, at 11:44 AM, Odhiambo Washington wrote:
>
>>
>>
>> On Fri, Jun 18, 2010 at 9:28 PM, Rick Boucher <rboucher@???> wrote:
>> I have authentication working on port 465.
>>
>> How can I get it working on port 587 and 25?
>>
>>
>> Why did you limit it to port 465? Just change the rule that causes the limitation and also make sure you do not force every host to authenticate if you are accepting external mail.
>>
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254733744121/+254722743223
>
> I did not mean to limit authentication to port 465. I just don't know what rulle to change to get authenitcation on port 587.
>
> As I understand it (and by all means correct me please) tls deals with the authentication and ssl deals with the certificate. I want my users to be able to authenicate while traveling but not have to use a certificate.
>
> From my exim.conf
> -------------------------------------------------------
> # Allow any client to use TLS.
> tls_advertise_hosts = *
> tls_try_verify_hosts = *
>
>
> daemon_smtp_ports = 25 : 465 : 587
> tls_on_connect_ports = 465
>
> tls_verify_certificates = /etc/exim/certs/cacert.pem
> tls_certificate = /etc/exim/certs/my.crt
> tls_privatekey = /etc/exim/certs/mycert.key
> log_selector = +tls_peerdn
>
>
> received_header_text = "Received: \
> ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
> {${if def:sender_ident {from ${sender_ident} }}\
> ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
> by ${primary_hostname} \
> ${if def:received_protocol {with ${received_protocol}}} \
> ${if def:tls_cipher {($tls_cipher)\n\t}}\
> ${if def:tls_peerdn {($tls_peerdn)(verified=$tls_certificate_verified)\n\t}} \
> (Exim ${version_number} #${compile_number})\n\t\
> id ${message_id}\
> ${if def:received_for {\n\tfor $received_for}}"
>
>
> auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
>
> acl_check_rcpt:
>
> # Added by Rick
> accept hosts = :
>
> deny local_parts = ^.*[@%!/|] : ^\\.
>
> accept local_parts = postmaster
> domains = +local_domains
>
> accept hosts = +relay_from_hosts
>
> accept authenticated = *
>
> warn log_message = verified peer dn $tls_peerdn
> condition = $tls_certificate_verified
>
> accept condition = $tls_certificate_verified
>
> #End add by Rick
>
>
> -------------------------------------------------------
>
> I can send via 25 and 587 just fine if I don't try to authenticate. To authenticate I have to use 465 and ssl.
>
> So what do I need to change?
>
> Rick
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
