[exim] Best/correct way to disable AUTH on port 25?

Top Page
Delete this message
Reply to this message
Author: Sebastian Arcus
Date:  
To: Exim Users
Subject: [exim] Best/correct way to disable AUTH on port 25?
What is the simplest and best way to disable any AUTH on port 25? Up
until now I have the following working:

1. Only advertise TLS on port 587:

     auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}


2. Disable authenticated connections without TLS:

acl_check_auth

   deny message      = TLS required on authenticated connections
        ! encrypted   = *



However, I just realised that this disables opportunistic TLS in the
SMTP transport (server to server).

Could I use something like server_advertise_condition instead to only
advertise AUTH on port 587 (and if yes, will that disallow AUTH on 25
completely, not just not advertise it?