> On 2009-10-13 at 09:12 -0700, John Doe wrote:
> > From: Phil Pennock <[email protected]>
> > > Since you're on 4.63, you can also use $auth2 instead of $2, for clarity
> > > (just double-checked, the clearer names were introduced in 4.61).
> > 
> > done, thx.
> > 
> > >> I have another question: how can I allow only encrypted/authenticated 
> > >> connections?

[...]
 
> Yes.
> 
> You want something like this (untested):
> 
> acl_signedin_or25_check:
>   accept condition = ${if ={25}{$interface_port}}
> 
>   require  authenticated = *
>            condition     = ${if def:tls_cipher}
>            message       = Must be authenticated over TLS
> 
>   accept
> 
> 
> and then inside acl_check_rcpt you would have:
> 
>   require   acl = acl_signedin_or25_check
> 
> 
> Make sense?

I think even simpler would be to use the server_advertise_condition option for
the desired authenticator. This example should work as requested: the LOGIN
authentication mech won't be advertised (and won't be allowed even if
requested) without TLS established:

LOGIN:
  driver                     = plaintext
  # $auth1 is the username; it becomes the authenticated id seen in logs/ACLs
  server_set_id              = $auth1
  # "<|" sets "|" as the list separator for the two prompts
  server_prompts             = <| Username: | Password:
  # check the supplied username/password against saslauthd
  server_condition           = ${if saslauthd{{$auth1}{$auth2}}}
  # only advertise (and accept) LOGIN once a TLS session is established
  server_advertise_condition = ${if def:tls_cipher}


Check spec[1] for details.

[1] http://www.exim.org/exim-html-current/doc/html/spec_html/ch33.html#SECID168

-- 
Alexey V. Degtyarev

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
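As an added check (example code, not from anyone in this thread): a small Python script that verifies the effect of the configuration above from the client side, i.e. that AUTH appears in the EHLO response only after STARTTLS. The EHLO responses embedded below are constructed samples; the host and port in check_live() are assumptions.

```python
import smtplib
import ssl

def auth_mechs(ehlo_response: str) -> set[str]:
    """Return the AUTH mechanisms named in a raw multi-line EHLO response."""
    mechs = set()
    for line in ehlo_response.splitlines():
        # keyword lines look like "250-AUTH PLAIN LOGIN" or "250 AUTH=PLAIN"
        body = line[4:].strip() if line.startswith("250") else ""
        if body.upper().startswith("AUTH"):
            mechs.update(body[4:].lstrip("= ").upper().split())
    return mechs

def policy_violations(plain_ehlo: str, tls_ehlo: str) -> list[str]:
    """Compare EHLO before and after STARTTLS. Any mechanism visible before
    TLS violates the only-over-TLS policy; nothing after TLS means the
    authenticator is not being offered at all (e.g. the advertise
    condition never expands to true)."""
    before, after = auth_mechs(plain_ehlo), auth_mechs(tls_ehlo)
    problems = [f"{m} advertised without TLS" for m in sorted(before)]
    if not after:
        problems.append("no AUTH mechanisms advertised after STARTTLS")
    return problems

# Constructed sample responses (not captured from a real host).
# Exim with LOGIN gated by server_advertise_condition = ${if def:tls_cipher}:
PLAIN_EHLO = ("250-mail.example.test Hello client\r\n250-SIZE 52428800\r\n"
              "250-STARTTLS\r\n250 HELP\r\n")
TLS_EHLO = ("250-mail.example.test Hello client\r\n250-SIZE 52428800\r\n"
            "250-AUTH LOGIN\r\n250 HELP\r\n")
# Same server without the condition: credentials could be sent in the clear.
BAD_PLAIN_EHLO = ("250-mail.example.test Hello client\r\n"
                  "250-AUTH PLAIN LOGIN\r\n250-STARTTLS\r\n250 HELP\r\n")

def check_live(host: str, port: int = 587) -> list[str]:
    """The same check over the wire (host/port are assumptions; not run here)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        before = smtp.esmtp_features.get("auth", "")   # e.g. " PLAIN LOGIN"
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()                                    # features re-read after TLS
        after = smtp.esmtp_features.get("auth", "")
    as_ehlo = lambda feat: f"250 AUTH {feat}\r\n" if feat else "250 HELP\r\n"
    return policy_violations(as_ehlo(before), as_ehlo(after))

if __name__ == "__main__":
    print(policy_violations(PLAIN_EHLO, TLS_EHLO))      # []
    print(policy_violations(BAD_PLAIN_EHLO, TLS_EHLO))  # ['LOGIN advertised without TLS', 'PLAIN advertised without TLS']
```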