Or, would this work? 

auth_advertise_hosts = localhost : ${if eq{$tls_cipher}{}{nope}{*}} 

taken from: 

http://serverfault.com/questions/617848/exim4-require-tls-for-all-hosts-but-localhost
 

Any downside? 
Also, where/how to implement? 

----- Original Message -----

From: [email protected] 
To: [email protected] 
Sent: Tuesday, November 18, 2014 9:45:18 AM 
Subject: Re: [exim] is it possible to whitelist specific IP or port 26 to allow 
plain-text logins? 

Thanks (again) Jeremy, 

By any chance would you know either (1) which file I need to modify from the 
Linux command line or (2) which section in WHM's Exim Configuration Manager's 
Advanced Editor (see below) this code needs to be placed? 

Sorry, I'm a total newbie working with Exim. 

I see the Advanced Editor in WHM includes quite a bit of options. There is a 
section that already includes server_condition. I'll paste a little before and 
after where server_condition is located for reference: 

... 


Section: ENDACL 

<there's a text area here to insert code> 
begin authenticators 


courier_plain: 
driver = plaintext 
public_name = PLAIN 
server_prompts = : 
server_condition = ${if and{{!match {$auth2}{\N[/]\N}}{eq{${if match {$auth2}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth2}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth2}lsearch{/etc/demousers}{yes}}}}}{}}{!eq{${extract{address}{${readsocket{/var/spool/authdaemon/socket}{AUTH ${strlen:exim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth2\n$auth3\n}\nexim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth2\n$auth3\n}}}}}{}}}{true}{false}}
server_set_id = $auth2
server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}




courier_login: 
driver = plaintext 
public_name = LOGIN 
server_prompts = Username:: : Password:: 
server_condition = ${if and{{!match {$auth1}{\N[/]\N}}{eq{${if match {$auth1}{\N[+%:@]\N}{${lookup{${extract{2}{+%:@}{$auth1}}}lsearch{/etc/demodomains}{yes}}}{${lookup{$auth1}lsearch{/etc/demousers}{yes}}}}}{}}{!eq{${extract{address}{${readsocket{/var/spool/authdaemon/socket}{AUTH ${strlen:exim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth1\n$auth2\n}\nexim\{$sender_host_address\|$received_ip_address\}\nlogin\n$auth1\n$auth2\n}}}}}{}}}{true}{false}}
server_set_id = $auth1
server_advertise_condition = ${if or {{def:tls_cipher}{match_ip{$sender_host_address}{+loopback}}}{1}{0}}




Section: AUTH 

<there's a text area here to insert code> 
###################################################################### 
# REWRITE CONFIGURATION # 
###################################################################### 

# There are no rewriting specifications in this default configuration file. 

begin rewrite 

Section: REWRITE 
<there's a text area here to insert code> 
... 
----- Original Message ----- 

From: "Jeremy Harris" <[email protected]> 
To: [email protected] 
Sent: Tuesday, November 18, 2014 8:24:24 AM 
Subject: Re: [exim] is it possible to whitelist specific IP or port 26 to allow 
plain-text logins? 

On 18/11/14 14:56, [email protected] wrote: 
> Could someone give an example of how to use server_condition to whitelist either
> a port or IP address from a rule selected in Cpanel for "Require clients to
> connect with SSL or issue the STARTTLS command before they are allowed to
> authenticate with the server"? Or, other workaround.

server_advertise_condition = ${if = {$received_port}{26}}


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/ 
## Please use the Wiki with this list - http://wiki.exim.org/ 
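
Added example, not part of the original thread and not cPanel's shipped configuration: one way to combine the existing TLS-or-loopback rule from the authenticators quoted above with the port 26 test from the reply, narrowed so that the plain-text exemption applies only to one trusted client. The address 192.0.2.10 is a placeholder, and requiring both the port and the address is an assumption about the intended policy.

```exim
# Added example (not from the thread). Replaces the existing
# server_advertise_condition line on each authenticator
# (courier_plain and courier_login).
#
# AUTH is advertised when any one of these holds:
#   1. the session is already encrypted ($tls_cipher is set)
#   2. the client is in the +loopback host list (already used above)
#   3. the connection arrived on port 26 AND comes from the one
#      trusted address (192.0.2.10 is a placeholder)
# Everyone else must issue STARTTLS before AUTH is offered.
server_advertise_condition = ${if or{\
    {def:tls_cipher}\
    {match_ip{$sender_host_address}{+loopback}}\
    {and{\
        {={$received_port}{26}}\
        {match_ip{$sender_host_address}{192.0.2.10}}\
    }}\
  }{1}{0}}
```

Running exim -bh with a test client address starts a fake SMTP session against the configuration, so the EHLO response can be checked for the AUTH line before and after STARTTLS.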
