On 26/12/17 22:01, Heiko Schlittermann via Exim-users wrote:
> Sebastian Arcus via Exim-users <exim-users@???> (Di 26 Dez 2017 22:28:03 CET):
>> What is the simplest and best way to disable any AUTH on port 25? Up until
>> now I have the following working:
>>
>> 1. Only advertise TLS on port 587:
>>
>> auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
>
> I'm confused. This line doesn't do anything with TLS advertisement.
> You can modify it into
>
> auth_advertise_hosts = ${if and{ \
> =={$received_port}{587} \
> def:tls_in_cipher \
> } \
> {*}}
Thank you for the pointer. I ended up with the following two settings,
which seems to do what I want - allow TLS everywhere, but restrict AUTH
only to connections on port 587 which are also encrypted:
tls_advertise_hosts = *
auth_advertise_hosts = ${if and { {!eq {$tls_cipher}{}} \
{eq {$received_port}{587}} } {*}{}}
Thanks again!
