On 03.09.2015 at 15:37, Jeremy Harris wrote:
On 03/09/15 14:17, hw wrote:
server_advertise_condition = ${if def:tls_cipher }
Ah, not quite. This option explicitly needs a string result
to activate:
server_advertise_condition = ${if def:tls_cipher {yes}{no}}
Thanks, I changed that. The LOGIN authenticator is now configured, too.
After making /etc/shadow readable by the mail group, it kinda works. Is
it really necessary to change permission on /etc/shadow?
Where in the processing flow does it fail without that change?
It fails when I set the MUA to use STARTTLS and "normal password"
authentication.
"Kinda works" means that I can now send messages via port 587 without
any authentication at all, with unencrypted authentication and when
using STARTTLS. Authentication and encryption must be required, though.
So now you need to block 587 to non-auth'd use. Do that in your
mail-from ACL.
Not acl_smtp_mailauth? I tried in acl_check_helo and only was rejected
all the time.
Why is this so awfully difficult and painful? I've been dreading it for
years ...
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
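
The mail-from ACL check suggested in the thread, written out as an added example (not configuration posted by anyone on the list). The ACL name `acl_check_mail` and the message texts are assumptions; the port number and the requirement for both encryption and authentication come from the thread.

```exim
# Main configuration section: run this ACL for every MAIL FROM command.
# (acl_smtp_mailauth is a different hook: it only vets the AUTH= parameter
# that may be attached to a MAIL command.)
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # The checks sit at MAIL FROM rather than HELO because STARTTLS and AUTH
  # are only issued after EHLO; at HELO time no client is authenticated yet.

  # Port 587: refuse to proceed unless the session is TLS-protected.
  deny    message        = Encryption (STARTTLS) is required on port 587
          condition      = ${if eq{$received_port}{587} {yes}{no}}
          !encrypted     = *

  # Port 587: refuse to proceed unless the client has authenticated.
  deny    message        = Authentication is required on port 587
          condition      = ${if eq{$received_port}{587} {yes}{no}}
          !authenticated = *

  # Traffic on other ports, and authenticated TLS sessions on 587,
  # continue to the later ACLs (RCPT, DATA) for the usual checks.
  accept
```

Combined with `server_advertise_condition = ${if def:tls_cipher {yes}{no}}` on the authenticator, AUTH is only offered after STARTTLS, and an unauthenticated or unencrypted session on 587 is rejected at MAIL FROM.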