Re: [exim] Exim TLS - problem

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Dave Lugo
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Exim TLS - problem
On Mon, 5 Jul 2010, Jakob Hirsch wrote:
>
>> This is my complete acl for auth, nothing
>> else needed in it:
>>
>> acl_check_auth:
>>
>>    #
>>    # The following rules force auth to require STARTTLS.
>>    #
>>    accept  encrypted = *
>>    deny    message   = TLS encryption required

>
> I would strongly recommend against this. This does not stop Exim from
> announcing that AUTH PLAIN is supported, so clients would send AUTH
> PLAIN together with their login information, e.g. "AUTH PLAIN
> AGZvbwBiYXI=", so it's too late to reject it.
>


It works great for me.

My exim install doesn't offer AUTH PLAIN until STARTTLS
has kicked in.

This may be because I also have the near the
beginning of my config:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

... which the original poster also has.

(In my original post, I described only my auth
acl)

So, do you still disrecommend this config, which
doesn't offer AUTH until TLS is started? If yes,
can you tell me why?

-- 
--------------------------------------------------------
  Dave Lugo     dlugo@???      No spam, thanks.
  Are you the police?  . . .  No ma'am, we're sysadmins.
--------------------------------------------------------