Yes I do. How might I write that command to allow an authenicator over port
587?
On Jun 21, 2010, at 6:31 PM, John Jetmore wrote:
> Do you have something like this in your authenticators?
>
> server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
>
> That causes exim to only advertise the authenticator over a connection
> on which TLS has been negotiated.
>
> --John
>
> On Mon, Jun 21, 2010 at 7:52 PM, Rick Boucher <[email protected]> wrote:
>>
>> On Jun 18, 2010, at 11:44 AM, Odhiambo Washington wrote:
>>
>>>
>>>
>>> On Fri, Jun 18, 2010 at 9:28 PM, Rick Boucher <[email protected]>
>>> wrote:
>>> I have authentication working on port 465.
>>>
>>> How can I get it working on port 587 and 25?
>>>
>>>
>>> Why did you limit it to port 465? Just change the rule that causes the
>>> limitation and also make sure you do not force every host to authenticate
>>> if you are accepting external mail.
>>>
>>>
>>> --
>>> Best regards,
>>> Odhiambo WASHINGTON,
>>> Nairobi,KE
>>> +254733744121/+254722743223
>>
>> I did not mean to limit authentication to port 465. I just don't know what
>> rulle to change to get authenitcation on port 587.
>>
>> As I understand it (and by all means correct me please) tls deals with the
>> authentication and ssl deals with the certificate. I want my users to be
>> able to authenicate while traveling but not have to use a certificate.
>>
>> From my exim.conf
>> -------------------------------------------------------
>> # Allow any client to use TLS.
>> tls_advertise_hosts = *
>> tls_try_verify_hosts = *
>>
>>
>> daemon_smtp_ports = 25 : 465 : 587
>> tls_on_connect_ports = 465
>>
>> tls_verify_certificates = /etc/exim/certs/cacert.pem
>> tls_certificate = /etc/exim/certs/my.crt
>> tls_privatekey = /etc/exim/certs/mycert.key
>> log_selector = +tls_peerdn
>>
>>
>> received_header_text = "Received: \
>> ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
>> {${if def:sender_ident {from ${sender_ident} }}\
>> ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
>> by ${primary_hostname} \
>> ${if def:received_protocol {with ${received_protocol}}} \
>> ${if def:tls_cipher {($tls_cipher)\n\t}}\
>> ${if def:tls_peerdn
>> {($tls_peerdn)(verified=$tls_certificate_verified)\n\t}} \
>> (Exim ${version_number} #${compile_number})\n\t\
>> id ${message_id}\
>> ${if def:received_for {\n\tfor $received_for}}"
>>
>>
>> auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
>>
>> acl_check_rcpt:
>>
>> # Added by Rick
>> accept hosts = :
>>
>> deny local_parts = ^...@%!/|] : ^\\.
>>
>> accept local_parts = postmaster
>> domains = +local_domains
>>
>> accept hosts = +relay_from_hosts
>>
>> accept authenticated = *
>>
>> warn log_message = verified peer dn $tls_peerdn
>> condition = $tls_certificate_verified
>>
>> accept condition = $tls_certificate_verified
>>
>> #End add by Rick
>>
>>
>> -------------------------------------------------------
>>
>> I can send via 25 and 587 just fine if I don't try to authenticate. To
>> authenticate I have to use 465 and ssl.
>>
>> So what do I need to change?
>>
>> Rick
>> --
>> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
-------------------------------------------------
Rick Boucher
Webmaster / Systems Admin
Orcas Online / San Juan Web
(360) 376-6411
http://www.orcasonline.com
http://www.sanjuanweb.com
The information source for the San Juan Islands
Plans for the next day - "Work, work from early to late. In fact
I have so much to do that I shall spend the first three hours in prayer."
- Martin Luther
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
