Re: [exim] using port 587 for submission?

Author: hw
Date:
To: exim-users
Subject: Re: [exim] using port 587 for submission?


On 03.09.2015 at 15:17, hw wrote:
>
>
> On 03.09.2015 at 15:12, Jeremy Harris wrote:
>> On 03/09/15 13:49, hw wrote:
>>> begin authenticators
>>>
>>> PLAIN:
>>>   driver                     = plaintext
>>>   server_set_id              = $auth2
>>>   server_prompts             = :
>>>   server_condition           = ${if pam{$2:$3}{1}{0}}
>>>   server_advertise_condition = ${if def:tls_cipher }

>>
>>> Now I'm trying to figure out what's wrong.
>>
>> One possibility is that the client is trying to use a LOGIN method.
>> Set up both.
>>
>> Run your Exim daemon with debug cmdline option(s) and watch the
>> processing during a test.
>>
>
> After making /etc/shadow readable by the mail group, it kinda works. Is
> it really necessary to change permission on /etc/shadow?
>
> "Kinda works" means that I can now send messages via port 587 without
> any authentication at all, with unencrypted authentication and when
> using STARTTLS. Authentication and encryption must be required, though.


Commenting myself:

Do I have a problem here with testing? The server is configured to
relay for all clients on the LAN without authentication. That used to
be over port 25 only.

Now exim also listens on port 587, and when no authentication is
required anyway, it might not matter whether I authenticate on port 587
or not.

With /etc/shadow NOT readable by the mail group AND when setting the MUA
to provide authentication with TLS, I can NOT send mail because
authentication fails.

Can I somehow make it so that when using port 587, authentication and
encryption are always required while leaving port 25 unchanged?

I don't want to open port 587 to the outside before I have verified that
I can reasonably safely do so.
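
One way to require both TLS and authentication on port 587 while leaving port 25 alone, as an added example that is not part of the original message or the poster's configuration. It assumes the RCPT ACL is named `acl_check_rcpt` (the name used in Exim's default configuration) and that the existing LAN relay rules stay below the two new statements.

```exim
# Main configuration section: listen on both ports, as the message describes.
daemon_smtp_ports = 25 : 587

# Assumed ACL name; substitute the one the running configuration uses.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Put these two statements first, before any rule that accepts
  # relaying from LAN hosts. Otherwise a LAN client connecting to
  # port 587 is accepted by the relay rule without ever authenticating,
  # which is the behaviour seen in the test above.

  # Port 587 only: refuse every recipient unless the session is encrypted.
  deny    condition      = ${if eq{$received_port}{587}}
          !encrypted     = *
          message        = STARTTLS is required on the submission port

  # Port 587 only: refuse every recipient unless the client authenticated.
  deny    condition      = ${if eq{$received_port}{587}}
          !authenticated = *
          message        = Authentication is required on the submission port

  # The existing rules for port 25 (LAN relay, local domains, and so on)
  # follow here unchanged. Neither deny above matches a connection that
  # arrived on port 25, so its behaviour stays as it was.
```

To check the result from a LAN host, attempt a delivery to port 587 without STARTTLS and again with STARTTLS but without AUTH; both should be refused at RCPT, while the same client on port 25 behaves as before.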