Re: [exim] Authentication on port 587 and 25

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Rick Boucher
Date:  
À: John Jetmore
CC: exim-users
Sujet: Re: [exim] Authentication on port 587 and 25
Yes I do. How might I write that command to allow an authenicator over port 587?

On Jun 21, 2010, at 6:31 PM, John Jetmore wrote:

> Do you have something like this in your authenticators?
>
> server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
>
> That causes exim to only advertise the authenticator over a connection
> on which TLS has been negotiated.
>
> --John
>
> On Mon, Jun 21, 2010 at 7:52 PM, Rick Boucher <rboucher@???> wrote:
>>
>> On Jun 18, 2010, at 11:44 AM, Odhiambo Washington wrote:
>>
>>>
>>>
>>> On Fri, Jun 18, 2010 at 9:28 PM, Rick Boucher <rboucher@???> wrote:
>>> I have authentication working on port 465.
>>>
>>> How can I get it working on port 587 and 25?
>>>
>>>
>>> Why did you limit it to port 465? Just change the rule that causes the limitation and also make sure you do not force every host to authenticate if you are accepting external mail.
>>>
>>>
>>> --
>>> Best regards,
>>> Odhiambo WASHINGTON,
>>> Nairobi,KE
>>> +254733744121/+254722743223
>>
>> I did not mean to limit authentication to port 465. I just don't know what rulle to change to get authenitcation on port 587.
>>
>> As I understand it (and by all means correct me please) tls deals with the authentication and ssl deals with the certificate. I want my users to be able to authenicate while traveling but not have to use a certificate.
>>
>> From my exim.conf
>> -------------------------------------------------------
>> # Allow any client to use TLS.
>> tls_advertise_hosts = *
>> tls_try_verify_hosts = *
>>
>>
>> daemon_smtp_ports = 25 : 465 : 587
>> tls_on_connect_ports = 465
>>
>> tls_verify_certificates = /etc/exim/certs/cacert.pem
>> tls_certificate = /etc/exim/certs/my.crt
>> tls_privatekey = /etc/exim/certs/mycert.key
>> log_selector = +tls_peerdn
>>
>>
>> received_header_text = "Received: \
>>    ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
>>    {${if def:sender_ident {from ${sender_ident} }}\
>>    ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
>>    by ${primary_hostname} \
>>    ${if def:received_protocol {with ${received_protocol}}} \
>>    ${if def:tls_cipher {($tls_cipher)\n\t}}\
>>    ${if def:tls_peerdn {($tls_peerdn)(verified=$tls_certificate_verified)\n\t}} \
>>    (Exim ${version_number} #${compile_number})\n\t\
>>    id ${message_id}\
>>    ${if def:received_for {\n\tfor $received_for}}"

>>
>>
>> auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
>>
>> acl_check_rcpt:
>>
>> # Added by Rick
>> accept hosts = :
>>
>>  deny    local_parts   = ^.*[@%!/|] : ^\\.

>>
>>  accept  local_parts   = postmaster
>>          domains       = +local_domains

>>
>>  accept  hosts         = +relay_from_hosts

>>
>> accept authenticated = *
>>
>>  warn  log_message = verified peer dn $tls_peerdn
>>        condition = $tls_certificate_verified

>>
>> accept condition = $tls_certificate_verified
>>
>> #End add by Rick
>>
>>
>> -------------------------------------------------------
>>
>> I can send via 25 and 587 just fine if I don't try to authenticate. To authenticate I have to use 465 and ssl.
>>
>> So what do I need to change?
>>
>> Rick
>> --
>> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>


-------------------------------------------------


Rick Boucher
Webmaster / Systems Admin
Orcas Online / San Juan Web
(360) 376-6411
http://www.orcasonline.com
http://www.sanjuanweb.com
The information source for the San Juan Islands



Plans for the next day - "Work, work from early to late. In fact
I have so much to do that I shall spend the first three hours in prayer."
- Martin Luther