On Jun 18, 2010, at 11:44 AM, Odhiambo Washington wrote:

> 
> 
> On Fri, Jun 18, 2010 at 9:28 PM, Rick Boucher <[email protected]> wrote:
> I have authentication working on port 465.
> 
> How can I get it working on port 587 and 25?
> 
> 
> Why did you limit it to port 465? Just change the rule that causes the 
> limitation and also make sure you do not force every host to authenticate if 
> you are accepting external mail. 
> 
> 
> -- 
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223

I did not mean to limit authentication to port 465.  I just don't know what 
rule to change to get authentication on port 587.  

As I understand it (and by all means correct me please) tls deals with the 
authentication and ssl deals with the certificate. I want my users to be able 
to authenticate while traveling but not have to use a certificate.

From my exim.conf
-------------------------------------------------------
# Allow any client to use TLS.
tls_advertise_hosts = *
tls_try_verify_hosts = *


daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465

tls_verify_certificates = /etc/exim/certs/cacert.pem
tls_certificate = /etc/exim/certs/my.crt
tls_privatekey = /etc/exim/certs/mycert.key
log_selector = +tls_peerdn


received_header_text = "Received: \
    ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
    {${if def:sender_ident {from ${sender_ident} }}\
    ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
    by ${primary_hostname} \
    ${if def:received_protocol {with ${received_protocol}}} \
    ${if def:tls_cipher {($tls_cipher)\n\t}}\
    ${if def:tls_peerdn {($tls_peerdn)(verified=$tls_certificate_verified)\n\t}} \
    (Exim ${version_number} #${compile_number})\n\t\
    id ${message_id}\
    ${if def:received_for {\n\tfor $received_for}}"


auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}

acl_check_rcpt:

# Added by Rick
  accept  hosts = :

  deny    local_parts   = ^.*[@%!/|] : ^\\.

  accept  local_parts   = postmaster
          domains       = +local_domains

  accept  hosts         = +relay_from_hosts

  accept  authenticated = *

  warn  log_message = verified peer dn $tls_peerdn
        condition = $tls_certificate_verified

  accept condition = $tls_certificate_verified

#End add by Rick


-------------------------------------------------------

I can send via 25 and 587 just fine if I don't try to authenticate.  To 
authenticate I have to use 465 and ssl.

So what do I need to change?

Rick
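
Added example (not part of the original message, and not Exim's own code): with `auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}` the expansion is empty until a TLS cipher has been negotiated, so AUTH is advertised in the first EHLO only on the `tls_on_connect_ports` port and, on 25 and 587, only in the EHLO sent after STARTTLS. This Python script classifies a port from its EHLO replies; the sample replies, the host name `mail.example.test` and the function names are constructed for illustration.

```python
import re
import smtplib
import ssl

# Constructed EHLO replies (not taken from the thread): what a port answers
# before TLS, and what it answers once a cipher has been negotiated.
PLAIN_EHLO = ("250-mail.example.test Hello client\n250-SIZE 52428800\n"
              "250-PIPELINING\n250-STARTTLS\n250 HELP")
TLS_EHLO = ("250-mail.example.test Hello client\n250-SIZE 52428800\n"
            "250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 HELP")

def keywords(ehlo_reply):
    """ESMTP keywords in an EHLO reply (raw '250-' lines or smtplib's stripped form)."""
    found = set()
    for line in ehlo_reply.splitlines()[1:]:      # first line is the greeting
        m = re.match(r"(?:250[- ])?([A-Za-z0-9][A-Za-z0-9-]*)", line.strip())
        if m:
            found.add(m.group(1).upper())
    return found

def diagnose(implicit_tls, first_ehlo, ehlo_after_starttls=None):
    """Report at which point of the session AUTH becomes available on one port."""
    first = keywords(first_ehlo)
    if "AUTH" in first:
        return "auth-on-connect-tls" if implicit_tls else "auth-in-cleartext"
    if "STARTTLS" not in first:
        return "no-auth-no-starttls"
    if ehlo_after_starttls is None:
        return "starttls-not-tried"               # client never upgraded, so never saw AUTH
    after = keywords(ehlo_after_starttls)
    return "auth-after-starttls" if "AUTH" in after else "no-auth-after-starttls"

def probe(host, port, implicit_tls=False, timeout=10):
    """Live check against your own server; certificate verification is left on."""
    ctx = ssl.create_default_context()
    if implicit_tls:
        conn = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    else:
        conn = smtplib.SMTP(host, port, timeout=timeout)
    with conn as smtp:
        first = smtp.ehlo()[1].decode(errors="replace")
        after = None
        if not implicit_tls and smtp.has_extn("starttls"):
            smtp.starttls(context=ctx)
            after = smtp.ehlo()[1].decode(errors="replace")
        return diagnose(implicit_tls, first, after)

if __name__ == "__main__":
    print("465:", diagnose(True, TLS_EHLO))
    print("587:", diagnose(False, PLAIN_EHLO, TLS_EHLO))
```

A result of `starttls-not-tried` on 25 or 587 points at the mail client's connection security setting rather than at the server's ACLs.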