On Sat, 3 Jul 2010, Stanczak Slawomir wrote:
>
> Hi,
>
> I have easy question. How to force TLS connection before SMTP
> authentication in global exim4.conf?
>
what do you have in your auth acl?
This is my complete acl for auth, nothing
else needed in it:
acl_check_auth:
#
# The following rules force auth to require STARTTLS.
#
accept encrypted = *
deny message = TLS encryption required
> I have following settings for TLS:
>
> tls_certificate = /etc/exim4/srv.pem
> tls_privatekey = /etc/exim4/srv.pem
> tls_advertise_hosts = *
>
> This is allow to send messages with TLS, but without TLS too. (example;
> "never" TLS option in Thunderbird SMTP settings).
>
> When I set in my exim4.conf:
>
> auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
>
> and mark "never" TLS option (Thunderbird) for testing message is sent
> without asking for my password (password window isn't displayed at all).
>
> When I mark "TLS" option it works correctly.
>
> I to define tls_require_ciphers option too?
>
> Help me please.
> Regards
>
> Slawek
>
>
--
--------------------------------------------------------
Dave Lugo dlugo@??? No spam, thanks.
Are you the police? . . . No ma'am, we're sysadmins.
--------------------------------------------------------
