Re: [exim] using port 587 for submission?

Góra strony
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Dla: exim-users
Temat: Re: [exim] using port 587 for submission?
On 03/09/15 14:17, hw wrote:
> server_advertise_condition = ${if def:tls_cipher }


Ah, not quite. This option explicitly needs a string result
to activate:

server_advertise_condition = ${if def:tls_cipher {yes}{no}}



> After making /etc/shadow readable by the mail group, it kinda works. Is
> it really necessary to change permission on /etc/shadow?


Where in the processing flow does it fail without that change?

> "Kinda works" means that I can now send messages via port 587 without
> any authentication at all, with unencrypted authentication and when
> using STARTTLS. Authentication and encryption must be required, though.


So now you need to block 587 to non-auth'd use. Do that in your
mail-from ACL.

--
Cheers,
Jeremy