Re: [exim] Exim authentication on port 465, 587

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Kevin Shell
Datum:  
To: exim-users
Betreff: Re: [exim] Exim authentication on port 465, 587
On Sun, Feb 07, 2021 at 12:25:17PM +0100, Heiko Schlittermann via Exim-users wrote:
> Gedalya via Exim-users <exim-users@???> (So 07 Feb 2021 09:20:43 CET):
> >
> > acl_check_rcpt_submit:
>
> As you pointed out in your other message: yes, it should be in the
> acl_smtp_mail ACL section, if you want to check for successful
> authentication prior the MAIL command.
>
> >
> >   require
> >     message = Secure authentication is required
> >     condition = ${if eq{$tls_cipher}{}{no}{yes}}
> >     authenticated = *
>
> The `condition = … tls_cipher` can be omitted, if your authenticator
> itself requires a secure connection, like in most examples.
>
> I'd do it that way:
>
>         -------------------------
>         # allow overriding the macro on the commandline like in
>         # swaks … --pipe 'exim -DIS_TLS=true -bh …'
>         .ifndef IS_TLS
>         IS_TLS = ${if !eq{$tls_in_cipher}{}}
>         .endif

>
>         begin acl

>
>                 acl_check_mail:

>
>                 require message = please authenticate first
>                         authenticated = *

>
>                 require message = please use a secure transport
>                         condition = IS_TLS

>
>         begin auth

>
>             plain:
>                 driver = plain
>                 server_advertise_condition = IS_TLS
>         -------------------------

>


Thank you all.

I think maybe it's a good idea for
the Exim source repository's configure.default template
file configures this policy out of the box when ports 465, 587 are enabled.

--
kevin