Differences between version 67 and previous revision of EximNotes.
Newer page: | version 67 | Last edited on Wednesday, August 23, 2006 8:03:36 pm | by CraigBox |
Older page: | version 66 | Last edited on Wednesday, August 23, 2006 5:58:00 pm | by CraigBox |
@@ -434,9 +434,9 @@
</pre>
in your <tt>main</tt> section. Between 4.03 and 4.43, you can use [the -tls-on-connect command line parameter|http://exim.netmirror.org/exim-html-4.40/doc/html/FAQ_17.html#TOC322].
-587 is harder, because the rules are "either SMTP AUTH or SSL". [An Exim SSL/TLS recipe|http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20030210/msg00257.html] was posted to the list, which suggests (updated):
+587 is harder, because the rules are "either SMTP AUTH or SSL". [An Exim SSL/TLS recipe|http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20030210/msg00257.html] was posted to the list, which suggests (updated, and with client certs removed - you really want to only use SMTP AUTH
):
<pre>
# wlug: listen on 25 (smtp), 465 (ssmtp for Outlook) and 587 (submission)
daemon_smtp_port = 25:465:587
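Review bot: The lead sentence of the added line still gives the port 587 rule as "either SMTP AUTH or SSL", while the new parenthetical says client certs are removed and "you really want to only use SMTP AUTH", so the paragraph now describes two different policies. Reword the opening to say that 587 requires SMTP AUTH, and state the reason client certificates were dropped instead of asserting the preference, so a reader following the linked list recipe understands why this version differs from it.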
@@ -444,26 +444,21 @@
# uncomment to only allow auth if you're on by SSL
# auth_advertise_hosts = ${if eq{$tls_cipher}{}{localhost}{*}}
tls_advertise_hosts = *
-tls_try_verify_hosts = ${if eq{$interface_port}{587}{*}{}}
tls_certificate = /etc/exim4/server-cert.pem
tls_privatekey = /etc/exim4/server-key.pem
-tls_verify_certificates = /etc/exim/CA-file.pem
</pre>
..and in your RCPT ACL (near the top):
<pre>
accept authenticated = *
encrypted = *
-
- accept encrypted = *
- verify = certificate
accept condition = ${if eq{$interface_port}{587}{1}{0}}
endpass
- message = SMTP AUTH or client SSL certificate
required for port 587
+ message = SMTP AUTH required for port 587
authenticated = *
</pre>
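Review bot: With the "accept encrypted = * / verify = certificate" block removed, the port 587 accept now passes on "authenticated = *" alone and carries no "encrypted = *" condition, while "auth_advertise_hosts = ${if eq{$tls_cipher}{}{localhost}{*}}" is still commented out in the main section. As written, a client on 587 can authenticate without TLS and be accepted, which puts SMTP AUTH credentials on the wire in the clear. Either uncomment the auth_advertise_hosts line as part of this change or add "encrypted = *" after "authenticated = *" in the 587 accept, and adjust the message text to say that TLS is required as well.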