Re: [exim] Authentication on port 587 and 25

Author: John Jetmore
Date:
To: Rick Boucher
CC: exim-users
Subject: Re: [exim] Authentication on port 587 and 25
Do you have something like this in your authenticators?

server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}

That causes exim to only advertise the authenticator over a connection
on which TLS has been negotiated.

--John

On Mon, Jun 21, 2010 at 7:52 PM, Rick Boucher <rboucher@???> wrote:
>
> On Jun 18, 2010, at 11:44 AM, Odhiambo Washington wrote:
>
>>
>>
>> On Fri, Jun 18, 2010 at 9:28 PM, Rick Boucher <rboucher@???> wrote:
>> I have authentication working on port 465.
>>
>> How can I get it working on port 587 and 25?
>>
>>
>> Why did you limit it to port 465? Just change the rule that causes the limitation and also make sure you do not force every host to authenticate if you are accepting external mail.
>>
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254733744121/+254722743223
>
> I did not mean to limit authentication to port 465.  I just don't know what rule to change to get authentication on port 587.
>
> As I understand it (and by all means correct me please) tls deals with the authentication and ssl deals with the certificate. I want my users to be able to authenticate while traveling but not have to use a certificate.
>
> From my exim.conf
> -------------------------------------------------------
> # Allow any client to use TLS.
> tls_advertise_hosts = *
> tls_try_verify_hosts = *
>
>
> daemon_smtp_ports = 25 : 465 : 587
> tls_on_connect_ports = 465
>
> tls_verify_certificates = /etc/exim/certs/cacert.pem
> tls_certificate = /etc/exim/certs/my.crt
> tls_privatekey = /etc/exim/certs/mycert.key
> log_selector = +tls_peerdn
>
>
> received_header_text = "Received: \
>    ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
>    {${if def:sender_ident {from ${sender_ident} }}\
>    ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
>    by ${primary_hostname} \
>    ${if def:received_protocol {with ${received_protocol}}} \
>    ${if def:tls_cipher {($tls_cipher)\n\t}}\
>    ${if def:tls_peerdn {($tls_peerdn)(verified=$tls_certificate_verified)\n\t}} \
>    (Exim ${version_number} #${compile_number})\n\t\
>    id ${message_id}\
>    ${if def:received_for {\n\tfor $received_for}}"
>
>
> auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
>
> acl_check_rcpt:
>
> # Added by Rick
>  accept  hosts = :
>
>  deny    local_parts   = ^.*[@%!/|] : ^\\.
>
>  accept  local_parts   = postmaster
>          domains       = +local_domains
>
>  accept  hosts         = +relay_from_hosts
>
>  accept  authenticated = *
>
>  warn  log_message = verified peer dn $tls_peerdn
>        condition = $tls_certificate_verified
>
>  accept condition = $tls_certificate_verified
>
> #End add by Rick
>
>
> -------------------------------------------------------
>
> I can send via 25 and 587 just fine if I don't try to authenticate.  To authenticate I have to use 465 and ssl.
>
> So what do I need to change?
>
> Rick
>
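
Added example, not part of the original thread and not Exim's own code: a Python check for the behaviour discussed above, where AUTH appears in the EHLO reply on ports 25 and 587 only once STARTTLS has been negotiated. The host name, sample EHLO replies and function names are constructed for illustration.

```python
import re
import smtplib
import ssl

# Constructed EHLO replies (reply codes stripped, as smtplib returns them).
PRE_TLS = ("mail.example.org Hello client [192.0.2.10]\n"
           "SIZE 52428800\nPIPELINING\nSTARTTLS\nHELP")
POST_TLS = ("mail.example.org Hello client [192.0.2.10]\n"
            "SIZE 52428800\nPIPELINING\nAUTH PLAIN LOGIN\nHELP")

def extensions(ehlo_text):
    """Map each EHLO keyword (upper-cased) to its list of arguments."""
    exts = {}
    for line in ehlo_text.splitlines()[1:]:  # first line is the greeting
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9-]*)[ =]?(.*)", line.strip())
        if m:
            exts[m.group(1).upper()] = m.group(2).upper().split()
    return exts

def classify(pre_tls, post_tls):
    """Judge AUTH advertisement from the EHLO replies before and after STARTTLS."""
    pre, post = extensions(pre_tls), extensions(post_tls)
    if "AUTH" in pre:
        return "fail: AUTH advertised on the cleartext connection"
    if "STARTTLS" not in pre:
        return "fail: STARTTLS not offered on this port"
    if "AUTH" not in post:
        return "fail: AUTH not advertised even after STARTTLS"
    return "ok: AUTH advertised only after STARTTLS"

def probe(host, port=587, timeout=10):
    """Run the two EHLO exchanges against a live server and classify them."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        pre = s.ehlo()[1].decode("ascii", "replace")
        post = ""
        if s.has_extn("starttls"):
            # Default context verifies the certificate chain and host name.
            s.starttls(context=ssl.create_default_context())
            post = s.ehlo()[1].decode("ascii", "replace")
    return classify(pre, post)

if __name__ == "__main__":
    print(classify(PRE_TLS, POST_TLS))
```

A mail client that reports "no authentication available" on 587 is typically looking at the first EHLO reply only; it has to be set to use STARTTLS before it will see the AUTH line.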