On 26/12/17 22:01, Heiko Schlittermann via Exim-users wrote:
Sebastian Arcus via Exim-users <[email protected]> (Tue 26 Dec 2017 22:28:03 CET):
What is the simplest and best way to disable any AUTH on port 25? Up until
now I have the following working:

1. Only advertise TLS on port 587:

     auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

I'm confused. This line doesn't do anything with TLS advertisement.

Sorry - you are right. That line is supposed to advertise AUTH only if/after TLS has started - as far as I know.

You can modify it into

     # Advertise AUTH only on port 587, and only once TLS is active
     auth_advertise_hosts = ${if and{ \
                                     {=={$received_port}{587}} \
                                     {def:tls_in_cipher} \
                                 } \
                             {*}}

(untested)

2. Disable authenticated connections without TLS:

acl_check_auth:

   deny message      = TLS required on authenticated connections
        ! encrypted   = *

However, I just realised that this disables opportunistic TLS in the SMTP
transport (server to server).

Currently I do not see why this should disable TLS connections.

Sorry again - it must have been a long day. What I should have mentioned is that I have the following option set as well:

tls_advertise_hosts = ${if eq {$interface_port}{587} {*}{}}

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
