Only allow smtp auth login if encryption is enabled


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » Email » Exim

Only allow smtp auth login if encryption is enabledLast Modified: Nov 9, 2016, 12:30 am
It's more secure to require that a connection uses TLS/SSL before passing the password over the internet.

You can force exim to do so by adding the line to your authenticators:

server_advertise_condition = ${if def:tls_in_cipher }



to your /etc/exim.conf authenticators.

They might look like this:

##################################################################################
# AUTHENTICATION CONFIGURATION
##################################################################################
begin authenticators

plain:
   driver = plaintext
   public_name = PLAIN
   server_prompts = :
   server_condition = "${perl{smtpauth}{0}}"
   server_set_id = $2
   server_advertise_condition = ${if def:tls_in_cipher }

login:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   server_condition = "${perl{smtpauth}{0}}"
   server_set_id = $1
   server_advertise_condition = ${if def:tls_in_cipher }



Related, see section #7 of this document:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_default_configuration_file.html#SECTdefconfauth
 
Related Helpfiles
Force SSL encryption with Dovecot for IMAPS/POPS

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST