On 04/09/15 17:22, hw wrote: > * in acl_check_rcpt: > + accept mail from authenticated for relaying > + reject all hosts using connections on 587 without TLS > + as before, accept mail from all the hosts the server is relaying for > > * in acl_check_mail: > + deny everything on 587 unless TLS is used
> Hmmm ... It's a quite weird logic when you think about it, and anything > but straightforward. The requirement for authentication is merely > implicit. Shouldn't there be a better way to do this? Is there? I'm > not exactly fond of convoluted stuff like this. I would: - support 25, 587, 465/ssl-on-connect - in authenticators, only offer auth when encrypted - in mail acl, deny 587 unless encrypted (could go in rcpt but earlier is better) - in rcpt acl, require auth for any nonlocal destination (relaying) ... and not support any by-IP implicit authentication at all. If forced, bundle with the "real" auth check. Note that I don't support cram_md5 auth, where there's a better argument for permitting non-TLS'd auth. Also, the above doesn't enforce that road-warriors encrypt (they might have to use 25 to get through...). I've not mentioned auth-by-user-certificate, which is another possibility from 4.86 on. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
