On 26/12/17 22:01, Heiko Schlittermann via Exim-users wrote:
Sebastian Arcus via Exim-users <[email protected]> (Di 26 Dez 2017 22:28:03
CET):
What is the simplest and best way to disable any AUTH on port 25? Up until
now I have the following working:
1. Only advertise TLS on port 587:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
I'm confused. This line doesn't do anything with TLS advertisement.
You can modify it into
auth_advertise_hosts = ${if and{ \
=={$received_port}{587} \
def:tls_in_cipher \
} \
{*}}
Thank you for the pointer. I ended up with the following two settings,
which seems to do what I want - allow TLS everywhere, but restrict AUTH
only to connections on port 587 which are also encrypted:
tls_advertise_hosts = *
auth_advertise_hosts = ${if and { {!eq {$tls_cipher}{}} \
{eq {$received_port}{587}} } {*}{}}
Thanks again!
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
