Do you have something like this in your authenticators?
server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
That causes exim to only advertise the authenticator over a connection
on which TLS has been negotiated.
--John
On Mon, Jun 21, 2010 at 7:52 PM, Rick Boucher <[email protected]> wrote:
>
> On Jun 18, 2010, at 11:44 AM, Odhiambo Washington wrote:
>
>>
>>
>> On Fri, Jun 18, 2010 at 9:28 PM, Rick Boucher <[email protected]>
>> wrote:
>> I have authentication working on port 465.
>>
>> How can I get it working on port 587 and 25?
>>
>>
>> Why did you limit it to port 465? Just change the rule that causes the
>> limitation and also make sure you do not force every host to authenticate if
>> you are accepting external mail.
>>
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254733744121/+254722743223
>
> I did not mean to limit authentication to port 465. I just don't know what
> rule to change to get authentication on port 587.
>
> As I understand it (and by all means correct me please) tls deals with the
> authentication and ssl deals with the certificate. I want my users to be able
> to authenticate while traveling but not have to use a certificate.
>
> From my exim.conf
> -------------------------------------------------------
> # Allow any client to use TLS.
> tls_advertise_hosts = *
> tls_try_verify_hosts = *
>
>
> daemon_smtp_ports = 25 : 465 : 587
> tls_on_connect_ports = 465
>
> tls_verify_certificates = /etc/exim/certs/cacert.pem
> tls_certificate = /etc/exim/certs/my.crt
> tls_privatekey = /etc/exim/certs/mycert.key
> log_selector = +tls_peerdn
>
>
> received_header_text = "Received: \
> ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
> {${if def:sender_ident {from ${sender_ident} }}\
> ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
> by ${primary_hostname} \
> ${if def:received_protocol {with ${received_protocol}}} \
> ${if def:tls_cipher {($tls_cipher)\n\t}}\
> ${if def:tls_peerdn
> {($tls_peerdn)(verified=$tls_certificate_verified)\n\t}} \
> (Exim ${version_number} #${compile_number})\n\t\
> id ${message_id}\
> ${if def:received_for {\n\tfor $received_for}}"
>
>
> auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
>
> acl_check_rcpt:
>
> # Added by Rick
> accept hosts = :
>
> deny local_parts = ^...@%!/|] : ^\\.
>
> accept local_parts = postmaster
> domains = +local_domains
>
> accept hosts = +relay_from_hosts
>
> accept authenticated = *
>
> warn log_message = verified peer dn $tls_peerdn
> condition = $tls_certificate_verified
>
> accept condition = $tls_certificate_verified
>
> #End add by Rick
>
>
> -------------------------------------------------------
>
> I can send via 25 and 587 just fine if I don't try to authenticate. To
> authenticate I have to use 465 and ssl.
>
> So what do I need to change?
>
> Rick
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
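What the `$tls_cipher` condition in this thread looks like from the client side, as an added example that is not part of the original messages: on ports 25 and 587 the EHLO reply should carry AUTH only after STARTTLS has been negotiated and EHLO is sent again. The EHLO replies, the hostname `mail.example.org` and the function names are constructed for illustration.

```python
import re

# Constructed EHLO replies (not captured from the poster's server).
# Port 587 before STARTTLS: no AUTH line, because $tls_cipher is empty.
EHLO_CLEAR = """250-mail.example.org Hello client [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP"""

# Same session after STARTTLS and a second EHLO: AUTH is now advertised.
EHLO_TLS = """250-mail.example.org Hello client [192.0.2.10]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP"""

# Keyword, then optional parameters after a space or the legacy "AUTH=" form.
LINE = re.compile(r"250[- ]([^\s=]+)(?:[ =](.*))?$")

def ehlo_extensions(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    exts = {}
    for line in reply.strip().splitlines()[1:]:  # line 0 is the greeting
        m = LINE.match(line.strip())
        if m:
            exts[m.group(1).upper()] = (m.group(2) or "").split()
    return exts

def audit_auth_advertisement(clear_reply, tls_reply):
    """Return a list of problems; empty means AUTH is gated on TLS."""
    clear, tls = ehlo_extensions(clear_reply), ehlo_extensions(tls_reply)
    findings = []
    if "AUTH" in clear:
        findings.append("AUTH advertised before TLS: " + " ".join(clear["AUTH"]))
    if "STARTTLS" not in clear:
        findings.append("STARTTLS not offered, so clients can never reach AUTH")
    if "AUTH" not in tls:
        findings.append("AUTH missing after TLS: check the authenticator config")
    return findings

if __name__ == "__main__":
    print(audit_auth_advertisement(EHLO_CLEAR, EHLO_TLS) or "AUTH is gated on TLS")
```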