On 03/09/15 14:17, hw wrote:
> server_advertise_condition = ${if def:tls_cipher }

Ah, not quite.  This option explicitly needs a string result
to activate:

server_advertise_condition = ${if def:tls_cipher {yes}{no}}



> After making /etc/shadow readable by the mail group, it kinda works.  Is
> it really necessary to change permission on /etc/shadow?

Where in the processing flow does it fail without that change?

> "Kinda works" means that I can now send messages via port 587 without
> any authentication at all, with unencrypted authentication and when
> using STARTTLS.  Authentication and encryption must be required, though.

So now you need to block 587 to non-auth'd use.  Do that in your
mail-from ACL.

-- 
Cheers,
  Jeremy


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
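
The restriction on port 587 suggested in the reply above, written out as an added example (not part of the original thread). The ACL name `acl_check_mail` and the rejection texts are assumptions; the first line belongs in the main configuration section and the rest in the ACL section.

```exim
# Added example; acl_check_mail and the message texts are assumed names.

# Main section: run this ACL for every MAIL FROM command.
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # Submission port: refuse MAIL FROM on a session that is not under TLS.
  deny    message        = STARTTLS is required on the submission port
          condition      = ${if eq{$received_port}{587}{yes}{no}}
          !encrypted     = *

  # Submission port: refuse MAIL FROM from a client that has not
  # completed SMTP AUTH.
  deny    message        = Authentication is required on the submission port
          condition      = ${if eq{$received_port}{587}{yes}{no}}
          !authenticated = *

  # Anything else (for example inbound MX traffic on port 25) continues
  # to the RCPT and DATA ACLs, which still decide relaying.
  accept
```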