Dave Lugo, 2010-07-05 13:54:
>>> acl_check_auth:
>>> accept encrypted = *
>>> deny message = TLS encryption required
>> I would strongly recommend against this. This does not stop Exim from
>> announcing that AUTH PLAIN is supported, so clients would send AUTH
>> PLAIN together with their login information, e.g. "AUTH PLAIN
>> AGZvbwBiYXI=", so it's too late to reject it.
> It works great for me.
>
> My exim install doesn't offer AUTH PLAIN until STARTTLS
> has kicked in.
>
> This may be because I also have this near the
> beginning of my config:
>
> auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
You guessed right. :)
If Exim does not announce AUTH, it won't accept AUTH commands.
> So, do you still disrecommend this config, which
> doesn't offer AUTH until TLS is started? If yes,
> can you tell me why?
It does not hurt, but it's also useless (and therefore gives a wrong
feeling of security).
Or do you have any "TLS encryption required" message in your log?
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
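
The point made in this thread, as an added example that is not part of the original messages: an AUTH PLAIN argument is only base64, so the check that matters is whether the EHLO reply before STARTTLS lists AUTH at all. The EHLO replies, the host name mail.example.test and the function names are constructed for illustration; the AUTH PLAIN string is the one quoted in the thread.

```python
import base64

# Mechanisms whose client response carries the reusable password itself.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def decode_auth_plain(command):
    """Split 'AUTH PLAIN <base64>' into (authzid, authcid, password)."""
    verb, mech, blob = command.strip().split(None, 2)
    if (verb.upper(), mech.upper()) != ("AUTH", "PLAIN"):
        raise ValueError("not an AUTH PLAIN command")
    parts = base64.b64decode(blob, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN response")
    return tuple(p.decode("utf-8") for p in parts)

def advertised_auth(ehlo_reply):
    """Return the SASL mechanisms listed in a multi-line EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        # Reply lines look like '250-KEYWORD args' or '250 KEYWORD args'.
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].split()
        if words and words[0].upper() == "AUTH":
            mechs.extend(w.upper() for w in words[1:])
    return mechs

def cleartext_auth_offered(pre_tls_ehlo):
    """Mechanisms offered before STARTTLS that expose the password on the wire."""
    return sorted(CLEARTEXT_MECHS.intersection(advertised_auth(pre_tls_ehlo)))

# Constructed sample replies (not captured from a real server).
PRE_TLS_UNGATED = "250-mail.example.test Hello\n250-SIZE 52428800\n250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"
PRE_TLS_GATED = "250-mail.example.test Hello\n250-SIZE 52428800\n250-STARTTLS\n250 HELP"
POST_TLS = "250-mail.example.test Hello\n250-SIZE 52428800\n250-AUTH PLAIN LOGIN\n250 HELP"

if __name__ == "__main__":
    # The sample command from the thread decodes without any key.
    print(decode_auth_plain("AUTH PLAIN AGZvbwBiYXI="))
    for name, reply in [("ungated", PRE_TLS_UNGATED), ("gated", PRE_TLS_GATED)]:
        exposed = cleartext_auth_offered(reply)
        print(name, "pre-TLS EHLO:", "FAIL " + ",".join(exposed) if exposed else "ok")
    print("post-TLS mechanisms:", advertised_auth(POST_TLS))
```

With `auth_advertise_hosts` gated on `$tls_cipher` as in the thread, the pre-TLS reply should look like the gated sample and the check returns an empty list.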