Re: [exim] Best/correct way to disable AUTH on port 25?

Top Page

Reply to this message
Author: Sebastian Arcus
Date:  
To: exim-users
Subject: Re: [exim] Best/correct way to disable AUTH on port 25?
On 26/12/17 22:01, Heiko Schlittermann via Exim-users wrote:
> Sebastian Arcus via Exim-users <exim-users@???> (Di 26 Dez 2017 22:28:03 CET):
>> What is the simplest and best way to disable any AUTH on port 25? Up until
>> now I have the following working:
>>
>> 1. Only advertise TLS on port 587:
>>
>>      auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

>
> I'm confused. This line doesn't do anything with TLS advertisement.
> You can modify it into
>
>      auth_advertise_hosts = ${if and{ \
>                                      =={$received_port}{587} \
>                                      def:tls_in_cipher \
>                                  } \
>                              {*}}


Thank you for the pointer. I ended up with the following two settings,
which seems to do what I want - allow TLS everywhere, but restrict AUTH
only to connections on port 587 which are also encrypted:

tls_advertise_hosts = *
auth_advertise_hosts = ${if and { {!eq {$tls_cipher}{}} \
              {eq {$received_port}{587}} } {*}{}}



Thanks again!