Re: [exim] is it possible to whitelist specific IP or port 2…

Author: modjklist
Date:  
To: exim-users
Subject: Re: [exim] is it possible to whitelist specific IP or port 26 to allow plain-text logins?
Or, would this work?

auth_advertise_hosts = localhost : ${if eq{$tls_cipher}{}{nope}{*}}

taken from:

http://serverfault.com/questions/617848/exim4-require-tls-for-all-hosts-but-localhost

Any downside?
Also, where/how to implement?

----- Original Message -----

From: modjklist@???
To: exim-users@???
Sent: Tuesday, November 18, 2014 9:45:18 AM
Subject: Re: [exim] is it possible to whitelist specific IP or port 26 to allow plain-text logins?

Thanks (again) Jeremy,

By any chance would you know either (1) which file I need to modify from the Linux command line or (2) in which section of WHM's Exim Configuration Manager's Advanced Editor (see below) this code needs to be placed?

Sorry, I'm a total newbie working with Exim.

I see the Advanced Editor in WHM includes quite a few options. There is a section that already includes server_condition. I'll paste a little before and after where server_condition is located for reference:

...


Section: ENDACL

<there's a text area here to insert code>
begin authenticators


courier_plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = ${if and{{!match {$auth2}{\N[/]\N}}{eq{${if match {$auth2}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth2}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth2}lsearch{/etc/demousers}{yes}}}}}{}}{!eq{${extract{address}{${readsocket{/var/spool/authdaemon/socket}{AUTH ${strlen:exim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth2\n$auth3\n}\nexim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth2\n$auth3\n}}}}}{}}}{true}{false}}
server_set_id = $auth2
server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}




courier_login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if and{{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}{!eq{${extract{address}{${readsocket{/var/spool/authdaemon/socket}{AUTH ${strlen:exim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth1\n$auth2\n}\nexim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth1\n$auth2\n}}}}}{}}}{true}{false}}
server_set_id = $auth1
server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}




Section: AUTH

<there's a text area here to insert code>
######################################################################
# REWRITE CONFIGURATION #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite

Section: REWRITE
<there's a text area here to insert code>
...
----- Original Message -----

From: "Jeremy Harris" <jgh@???>
To: exim-users@???
Sent: Tuesday, November 18, 2014 8:24:24 AM
Subject: Re: [exim] is it possible to whitelist specific IP or port 26 to allow plain-text logins?

On 18/11/14 14:56, modjklist@??? wrote:
> Could someone give an example how to use server_condition to whitelist either a port or IP address from a rule selected in cPanel for "Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server"? Or, other workaround.


server_advertise_condition = ${if = {$received_port}{26}}


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
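
An added example (not from any poster in this thread, and not cPanel's own configuration): the advertise condition quoted in the pasted authenticators, beside a variant that also advertises plaintext AUTH on port 26 but only to one client address. 192.0.2.10 is a constructed placeholder, and +loopback is assumed to be the hostlist that the quoted configuration already references.

```exim
# Condition from the quoted configuration: advertise PLAIN/LOGIN only once
# TLS is active, or to loopback clients.
#   server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}

# Variant: additionally advertise without TLS when the connection arrived on
# port 26 AND comes from one known client. The same value would go on both
# the PLAIN and the LOGIN authenticator.
# 192.0.2.10 is a constructed placeholder address (assumption).
server_advertise_condition = ${if or {\
    {def:tls_cipher}\
    {match_ip{$sender_host_address}{+loopback}}\
    {and {{= {$received_port}{26}}\
          {match_ip{$sender_host_address}{192.0.2.10}}}}\
  }{1}{0}}
```

Exim rejects an AUTH command for a mechanism it did not advertise, so this condition decides who may attempt a plaintext login at all. Credentials accepted through the port 26 branch cross the network unencrypted, which is why the branch is tied to a single source address rather than to the port alone.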