On Mon, 5 Jul 2010, Jakob Hirsch wrote:
>
>> This is my complete acl for auth, nothing
>> else needed in it:
>>
>> acl_check_auth:
>>
>> #
>> # The following rules force auth to require STARTTLS.
>> #
>> accept encrypted = *
>> deny message = TLS encryption required
>
> I would strongly recommend against this. This does not stop Exim from
> announcing that AUTH PLAIN is supported, so clients would send AUTH
> PLAIN together with their login information, e.g. "AUTH PLAIN
> AGZvbwBiYXI=", so it's too late to reject it.
>
It works great for me.
My exim install doesn't offer AUTH PLAIN until STARTTLS
has kicked in.
This may be because I also have the following near the
beginning of my config:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
... which the original poster also has.
(In my original post, I described only my auth
acl)
So, do you still disrecommend this config, which
doesn't offer AUTH until TLS is started? If yes,
can you tell me why?
--
--------------------------------------------------------
Dave Lugo dlugo@??? No spam, thanks.
Are you the police? . . . No ma'am, we're sysadmins.
--------------------------------------------------------
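
Added example, not part of the original thread: a Python check of the two points discussed above, that an EHLO reply should list AUTH only once TLS is active, and that an AUTH PLAIN response like the one quoted is plain base64 that decodes straight to the login. The EHLO replies, host name and function names are constructed for illustration.

```python
import base64

# Constructed EHLO replies (not captured from a real server).
CLEAR_LEAKY = "250-mail.example.org Hello\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 HELP"
CLEAR_GATED = "250-mail.example.org Hello\n250-STARTTLS\n250 HELP"
AFTER_TLS = "250-mail.example.org Hello\n250-AUTH PLAIN LOGIN\n250 HELP"


def ehlo_keywords(reply):
    """Map each EHLO keyword to its parameters, e.g. {'AUTH': ['PLAIN', 'LOGIN']}."""
    found = {}
    for line in reply.splitlines()[1:]:  # first line is the greeting, not a keyword
        # Extension lines are "250-KEYWORD params" or, for the last one, "250 KEYWORD".
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            words = line[4:].split()
            if words:
                found[words[0].upper()] = [w.upper() for w in words[1:]]
    return found


def decode_auth_plain(b64):
    """Split an AUTH PLAIN response (RFC 4616) into (authzid, authcid, password)."""
    parts = base64.b64decode(b64).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not an AUTH PLAIN message")
    return tuple(p.decode() for p in parts)


def audit(clear_reply, tls_reply):
    """Return findings for a server's EHLO replies before and after STARTTLS."""
    clear, tls = ehlo_keywords(clear_reply), ehlo_keywords(tls_reply)
    findings = []
    if "AUTH" in clear:
        findings.append("AUTH advertised before TLS: " + " ".join(clear["AUTH"]))
    if "STARTTLS" not in clear:
        findings.append("STARTTLS not offered on the cleartext connection")
    if "AUTH" not in tls:
        findings.append("AUTH not advertised after STARTTLS")
    return findings


if __name__ == "__main__":
    print(audit(CLEAR_LEAKY, AFTER_TLS))
    print(audit(CLEAR_GATED, AFTER_TLS))
    print(decode_auth_plain("AGZvbwBiYXI="))
```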