Kevin Shell via Exim-users <exim-users@???> (So 07 Feb 2021 13:10:49 CET):
> > itself requires a secure connection, like in most examples.
> >
…
> > acl_check_mail:
> >
> > require message = please authenticate first
> > authenticated = *
> >
> > require message = please use a secure transport
> > condition = IS_TLS
>
> Thank you all.
>
> I think maybe it's a good idea for
> the Exim source repository's configure.default template
> file configures this policy out of the box when ports 465, 587 are enabled.
That's not as easy as one might think. Port 25 should allow
unauthenticated access and probably allow even unencrypted connections.
It's a hard job to find a balance between a simple and straight forward
example config and a configuration that shows alls the bells and
whistles.
On a host used as MX and submission host, I'd use something like this:
acl_smtp_mail = ${if eq{$received_port}{25}{acl_check_mail}{acl_check_mail_submission}}
… and then configure the proper acl_check_mail and
acl_check_mail_submission ACL seperately.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
