Re: [exim] Exim authentication on port 465, 587

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Exim authentication on port 465, 587
Gedalya via Exim-users <exim-users@???> (So 07 Feb 2021 09:20:43 CET):
>
> acl_check_rcpt_submit:


As you pointed out in your other message: yes, it should be in the
acl_smtp_mail ACL section, if you want to check for successful
authentication prior the MAIL command.

>
>   require
>     message = Secure authentication is required
>     condition = ${if eq{$tls_cipher}{}{no}{yes}}
>     authenticated = *


The `condition = … tls_cipher` can be omitted, if your authenticator
itself requires a secure connection, like in most examples.

I'd do it that way:

        -------------------------
        # allow overriding the macro on the commandline like in
        # swaks … --pipe 'exim -DIS_TLS=true -bh …'
        .ifndef IS_TLS
        IS_TLS = ${if !eq{$tls_in_cipher}{}}
        .endif


        begin acl


                acl_check_mail:


                require message = please authenticate first
                        authenticated = *


                require message = please use a secure transport
                        condition = IS_TLS


        begin auth


            plain:
                driver = plain
                server_advertise_condition = IS_TLS
        -------------------------


    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -