On Sun, Feb 07, 2021 at 12:25:17PM +0100, Heiko Schlittermann via Exim-users wrote: > Gedalya via Exim-users <[email protected]> (So 07 Feb 2021 09:20:43 CET): > > > > acl_check_rcpt_submit: > > As you pointed out in your other message: yes, it should be in the > acl_smtp_mail ACL section, if you want to check for successful > authentication prior the MAIL command. > > > > > require > > message = Secure authentication is required > > condition = ${if eq{$tls_cipher}{}{no}{yes}} > > authenticated = * > > The `condition = … tls_cipher` can be omitted, if your authenticator > itself requires a secure connection, like in most examples. > > I'd do it that way: > > ------------------------- > # allow overriding the macro on the commandline like in > # swaks … --pipe 'exim -DIS_TLS=true -bh …' > .ifndef IS_TLS > IS_TLS = ${if !eq{$tls_in_cipher}{}} > .endif > > begin acl > > acl_check_mail: > > require message = please authenticate first > authenticated = * > > require message = please use a secure transport > condition = IS_TLS > > begin auth > > plain: > driver = plain > server_advertise_condition = IS_TLS > ------------------------- >
Thank you all. I think maybe it's a good idea for the Exim source repository's configure.default template file configures this policy out of the box when ports 465, 587 are enabled. -- kevin -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
