------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.
http://www.exim.org/bugzilla/show_bug.cgi?id=512 ------- Comment #3 from [EMAIL PROTECTED] 2007-06-14 20:43 ------- (In reply to comment #2) > I'm trying to work out why this is necessary. Can't you just set > hosts_require_tls to the same list as hosts_require_auth? Secondly, I don't > think you need a new variable. Won't tls_cipher do? What am I missing here? tls_cipher is the cipher used when the message was received and isn't (AFAICT) set to the outbound cipher; the only current handling of the outbound cipher is that the +tls_cipher log selector will get the connection's cipher. I doubt that it'd be a good plan to change which security context the variable refers to just because it's being used in an smtp transport. Hence the new variable. I've just set up Exim on my laptop; I'll use multiple smarthosts, depending upon where I am. I don't mind if a smarthost offers GSSAPI or DIGEST-MD5 (or even CRAM-MD5) authentication in cleartext. I do mind if it suddenly offers plaintext authentication in cleartext. Just as you can use server_advertise_condition to confirm ${if def:tls_cipher} before offering plaintext, the reciprocal client security should be able to set, by policy, that plaintext will only be tried in the smtp transport if protected by the cipher. No matter where the host is. Policy encoding, rather than current host list encoding. PS: Exim works great on MacOS 10.4.9 x86. I probably did need the fink packages though, so I don't know how it would be on a "bare" system. :^) -- Configure bugmail: http://www.exim.org/bugzilla/userprefs.cgi?tab=email -- ## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
