
Only allow smtp auth login if encryption is enabled

It's more secure to require that a connection uses TLS/SSL before passing the password over the internet.

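You can force Exim to do so by adding the following line to each authenticator in the authenticators section of your /etc/exim.conf:

server_advertise_condition = ${if def:tls_in_cipher }

With this condition, Exim only advertises the AUTH mechanism once the incoming connection is encrypted ($tls_in_cipher is set), and a mechanism that has not been advertised cannot be used by the client.

The authenticators might then look like this: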

##################################################################################
# AUTHENTICATION CONFIGURATION
##################################################################################
begin authenticators

plain:
   driver = plaintext
   public_name = PLAIN
   server_prompts = :
   server_condition = "${perl{smtpauth}{0}}"
   server_set_id = $2
   server_advertise_condition = ${if def:tls_in_cipher }

login:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   server_condition = "${perl{smtpauth}{0}}"
   server_set_id = $1
   server_advertise_condition = ${if def:tls_in_cipher }
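
To check an existing configuration for authenticators that still lack this line, the following added example (not part of the original article or of Exim) parses the authenticators section and lists plaintext-driver entries whose server_advertise_condition does not test tls_in_cipher. The function names and the sample configuration are constructed for illustration, and the parser assumes one option per line with no macros, .include directives or backslash continuations.

```python
import re
# Constructed sample config: "plain" is gated on TLS, "login" is not.
SAMPLE_CONF = """\
begin authenticators

plain:
   driver = plaintext
   public_name = PLAIN
   server_advertise_condition = ${if def:tls_in_cipher }

login:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"

begin rewrite
"""

def parse_authenticators(conf_text):
    """Return {authenticator name: {option: value}} for the authenticators section."""
    auths, current, in_section = {}, None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"begin\s+(\w+)$", line)
        if m:  # a new "begin" line ends the previous section
            in_section, current = m.group(1) == "authenticators", None
            continue
        if not in_section:
            continue
        m = re.match(r"([A-Za-z0-9_]+):$", line)
        if m:  # instance header such as "plain:"
            current = auths.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return auths

def ungated_plaintext(conf_text):
    """Names of plaintext-driver authenticators advertised without a TLS check."""
    return sorted(
        name for name, opts in parse_authenticators(conf_text).items()
        if opts.get("driver") == "plaintext"
        and "def:tls_in_cipher" not in opts.get("server_advertise_condition", "")
    )

if __name__ == "__main__":
    print(ungated_plaintext(SAMPLE_CONF))
```

Run it against the text of /etc/exim.conf by passing the file contents to ungated_plaintext(); an empty list means every plaintext authenticator is only advertised over TLS.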



Related, see section #7 of this document:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_default_configuration_file.html#SECTdefconfauth
