Derrick 'dman' Hudson wrote: > On Thu, Jan 30, 2003 at 10:59:46AM +0100, Hendrik Sattler wrote: > | Derrick 'dman' Hudson wrote: > | > | > Note, however, that AUTH PLAIN isn't very secure. You should only > | > allow it if the client has first initiated a TLS connection. That > | > requires first setting up TLS. I don't know if exim 3 can restrict it > | > to a TLS session only, or how to do it. Either read the docs or > | > upgrade to exim 4 (I know how to check that in exim4). > | > | Exim3 can restrict it like exim4. > > That's good. What's the conf setting to achieve that?
http://www.exim.org/exim-html-3.30/doc/html/spec_11.html#IDX636 So shortly: auth_over_tls_hosts = * ACL handling in exim4 might be better but above works: $ telnet abc 26 Trying 129.13.114.79... Connected to abc. Escape character is '^]'. 220 abc ESMTP Exim 3.35 #1 Thu, 30 Jan 2003 20:19:43 +0100 ehlo test 250-abc Hello xyz [xxx.xxx.xxx.xxx] 250-SIZE 250-PIPELINING 250-STARTTLS 250 HELP AUTH 503 STARTTLS required before AUTH > | You forgot the LOGIN method that is needed by some clients. > > I did leave it out. The configuration side is basically the same as > for PLAIN. Some docs I read said LOGIN was never actually > standardized, so I thought it was a good idea not to use it. IIRC old > netscape and old lookout only handle LOGIN, and one (or both) of those > won't recognize it unless the server incorrectly advertises it. Well, putting it into the config doesn't hurt, either. > | CRAM-MD5 should not be needed as TLS should really be secure enough, > | isn't it? ;) > > Depends on whether you want to use TLS or not. Well, TLS/SSL is way more common that CRAM-MD5. Additionally, CRAM-MD5 does not work with PAM. HS -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
