Hello,
I want to disable the whole smtp auth on port 25, so only we can login by TLS or SSL port.
I searched a lot and I didn’t find the correct configuration for that in the forums.
May you guide me for this?
Thank you.
Interesting question. A quick Google search offers the following solution (note: I haven’t tried it, because I never used Exim4 before HestiaCP):
The common solution is to advertise the AUTH only for hosts that have chosen STARTTLS after unencrypted connection to the port 25:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
After the STARTTLS command is performed and TLS connection is established the $tls_cipher variable for current session becomes non-empty. Client now is advertised that AUTH is allowed while session is secured by TLS and no plaintext passwords are passed over the unencrypted connection.
smtp - How to deny authentication on port 25 in Exim mail server - Ask Ubuntu
Thanks a lot, it is done with the below configuration:
dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
  server_set_id = $auth1

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
  server_set_id = $auth1
With this way no SMTP auth can be done by port 25, but I already bind 26 in exim, I want to configure PLAIN SMTP in this port, any connection PLAIN SMTP will be allowed on 26 only.
Is it possible to do this? server_advertised_condition?
So 465, 587 will be working normal as it is.
Port 25 only receiving.
Port 26 can send smtp plain.
looking forward @kpv
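A way to confirm the effect of the `server_advertise_condition` setting above, as an added example that is not part of the original posts: this Python check compares the EHLO reply before and after STARTTLS and reports whether AUTH is offered in cleartext. The hostname and the two EHLO transcripts are constructed samples, and `probe()` is meant for a server you administer.

```python
import re
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from a real server).
SAMPLE_PRE_TLS = """250-mail.example.test Hello client
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP"""
SAMPLE_POST_TLS = """250-mail.example.test Hello client
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP"""


def auth_mechanisms(ehlo_text):
    """Return the set of SASL mechanisms advertised in an EHLO reply."""
    mechs = set()
    for line in ehlo_text.splitlines():
        # Accept raw wire lines ("250-AUTH PLAIN"), smtplib's stripped
        # form ("AUTH PLAIN") and the legacy "AUTH=PLAIN" spelling.
        m = re.match(r"^(?:250[- ])?AUTH[ =](.*)$", line.strip(), re.I)
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs


def assess(pre_tls, post_tls):
    """Compare EHLO replies taken before and after STARTTLS."""
    before, after = auth_mechanisms(pre_tls), auth_mechanisms(post_tls)
    if before:
        return "FAIL: AUTH offered in cleartext: " + " ".join(sorted(before))
    if not after:
        return "WARN: AUTH not offered even after STARTTLS"
    return "OK: AUTH only after STARTTLS: " + " ".join(sorted(after))


def probe(host, port=25, timeout=10):
    """Live check; raises if the server does not support STARTTLS."""
    ctx = ssl.create_default_context()  # verifies the server certificate
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        pre = s.ehlo()[1].decode(errors="replace")
        s.starttls(context=ctx)
        post = s.ehlo()[1].decode(errors="replace")
    return assess(pre, post)
```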