Re: [exim] Multiple types of authentication

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Richard Clayton
CC: exim-users
Subject: Re: [exim] Multiple types of authentication
On 2014-02-06 at 14:14 +0000, Richard Clayton wrote:
> I have a need to send email out to either an ISP smarthost (which is
> Virgin, and they use SSL and LOGIN) and also other email to a different
> smarthost which uses TLS and CRAM-MD5


Am assuming here that you are using SSL as short-hand for SSL-on-connect
and TLS as short-hand for STARTTLS.

> The transports section works just fine to set up two different
> destinations (one on port 80 because it's very special):
>
> virgin_smtp:
> driver = smtp
> port = 465
> protocol = smtps
> hosts_require_tls = *
> hosts_require_auth = *
>
> other_smtp:
> driver = smtp
> port = 80
> hosts_require_tls = *
> hosts_require_auth = *
>
> But then I am stuck because I need two authentication sections and


I would use:
client_condition = ${if eq{$transport_name}{virgin_smtp}}
and:
client_condition = ${if eq{$transport_name}{other_smtp}}

in the two authenticators, so that they're skipped for "other
transports". You _should_ then even be able to have multiple
authenticators for the same public_name (though I've never tried this).

> What advice can be offered apart from not starting from here ?


Use `openssl s_client -connect ...` to speak SSL-on-connect, or
`gnutls-cli --starttls --crlf ...` to speak STARTTLS to the different
end-points, send an EHLO at the appropriate stage and double-check the
list of offered authenticators.

And use the client_condition rules above to constrain the authenticators
to use within the correct transports.

- -Phil