-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hi fred,

> Morning already?  Geez, I gotta get to bed!  ;)

i KNEW i was forgetting something! 8-}

>> | here's the comparison ...

> OK, seems clear enough.  When you have an encrypted session, you must 
> be taking a different (and wrong) path through your DATA (or MIME) 
> ACL.

hrm. rats. ^%*&%*.  humbug.  i swear i've looked ...

> Also of interest, you don't advertise SMTP AUTH in an unencrypted 
> session, even though you support CRAM-MD5.  So the non-TLS session 
> isn't authenticated either.

i'm fairly certain that's on purpose:

    auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

the idea being, unless a sending client is using TLS, don't advertise anything
... hence (eventually) 'enforcing' use of TLS, no?

> Check your MIME (if you have one) and DATA ACL's for conditions 
> referencing $tls_cipher, $authenticated_id, and/or 
> $sender_host_authenticated.

will do.  but i am simply too bleary eyed tonite ...

i'll report back what i find tomorrow.

thx again!

richard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)

iEYEAREDAAYFAkNKF4kACgkQGnqMy4gvZ6G2NwCfRncf9Mte0YrXOVzHcjehiZRC
W+wAnj9udn+abVT8qZHekMI2cUkEMwAp
=B/Qp
-----END PGP SIGNATURE-----


-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
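
An added example, not part of the original message or of Exim: a check of the behaviour the `auth_advertise_hosts` line above is meant to produce, namely AUTH appearing in the EHLO reply only once TLS is active. The EHLO replies, host names, addresses and function names are constructed for illustration.

```python
import re

# Constructed EHLO replies (assumed sample data, not captured from the poster's server).
CLEARTEXT_EHLO = (
    "250-mail.example.org Hello client.example.net [192.0.2.10]\r\n"
    "250-SIZE 52428800\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
TLS_EHLO = (
    "250-mail.example.org Hello client.example.net [192.0.2.10]\r\n"
    "250-SIZE 52428800\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH CRAM-MD5\r\n"
    "250 HELP\r\n"
)

_LINE = re.compile(r"^250([ -])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a multi-line 250 EHLO reply."""
    lines = reply.splitlines()
    exts = {}
    for i, raw in enumerate(lines):
        m = _LINE.match(raw)
        if not m:
            raise ValueError(f"not a 250 reply line: {raw!r}")
        # "250-" marks a continuation line, "250 " the final line.
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("malformed continuation markers")
        if i == 0:
            continue  # first line is the greeting, not an extension
        words = m.group(2).split()
        if words:
            exts[words[0].upper()] = words[1:]
    return exts

def check_auth_policy(cleartext_reply, tls_reply):
    """List deviations from 'advertise AUTH only inside TLS'."""
    clear, tls = parse_ehlo(cleartext_reply), parse_ehlo(tls_reply)
    problems = []
    if "AUTH" in clear:
        problems.append("AUTH advertised without TLS: " + " ".join(clear["AUTH"]))
    if "STARTTLS" not in clear:
        problems.append("STARTTLS not offered, clients cannot reach AUTH")
    if "AUTH" not in tls:
        problems.append("AUTH not advertised inside TLS")
    return problems
```
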
