Re: [exim] Exim TLS - problem

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jakob Hirsch
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Exim TLS - problem
Dave Lugo, 2010-07-05 13:54:

>>> acl_check_auth:
>>>    accept  encrypted = *
>>>    deny    message   = TLS encryption required
>> I would strongly recommend against this. This does not stop Exim from
>> announcing that AUTH PLAIN is supported, so clients would send AUTH
>> PLAIN together with their login information, e.g. "AUTH PLAIN
>> AGZvbwBiYXI=", so it's too late to reject it.
> It works great for me.

>
> My exim install doesn't offer AUTH PLAIN until STARTTLS
> has kicked in.
>
> This may be because I also have the near the
> beginning of my config:
>
> auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}


You guessed right. :)
If Exim does not announce AUTH, it won't accept AUTH commands.

> So, do you still disrecommend this config, which
> doesn't offer AUTH until TLS is started? If yes,
> can you tell me why?


It does not hurt, but it's also useless (and therefore give a wrong
feeling of security).
Or do you have any "TLS encryption required" message in your log?