Adrian von Bidder
2010-Oct-21 08:20 UTC
[Pkg-exim4-users] Two (slightly) different configurations for port 25 and 587
Heyho!

I'm in the process of migrating my mailserver to exim4 (from postfix; mostly because I'd just like to try this tool.)

I could find various HOWTOs about how to set up port 587 with TLS for submission, but from what I see this just sets up TLS + authentication and then just has exim listen on port 25 and 587.

What I'd like to do:

 * don't advertise STARTTLS at all on port 25 (I've had problems with several mailservers with broken implementations, so I don't want them to try this. I don't want exim to use TLS on outgoing mail either, btw.)
 * don't allow authentication at all on port 25 (no mail submission!)
 * on Port 587, exactly the other way round: only allow mail in after authentication via TLS. Ideally, I'd like the antispam stuff that runs on port 25 incoming mail to run not at DATA time but after (and generate bounces), so people don't get their email stuck in the outbox.

Is this easily possible? (I admit that this is probably just a question of RTFM. But the exim manual is 57 chapters long ... :-)

Also, but I admit I haven't looked thoroughly on this yet, can I authenticate against PAM and not have a saslauthd or whatever running? It would be nice to not have this additional component...

cheers
-- vbi
Boyd Stephen Smith Jr.
2010-Oct-21 15:07 UTC
[Pkg-exim4-users] Two (slightly) different configurations for port 25 and 587
In <201010211020.21519 at fortytwo.ch>, Adrian von Bidder wrote:
> What I'd like to do:
>
>  * don't advertise STARTTLS at all on port 25 (I've had problems with
> several mailservers with broken implementations, so I don't want them to try
> this. I don't want exim to use TLS on outgoing mail either, btw.)
>  * don't allow authentication at all on port 25 (no mail submission!)
>  * on Port 587, exactly the other way round: only allow mail in after
> authentication via TLS. Ideally, I'd like the antispam stuff that runs on
> port 25 incoming mail to run not at DATA time but after (and generate
> bounces), so people don't get their email stuck in the outbox.
>
> Is this easily possible? (I admit that this is probably just a question of
> RTFM. But the exim manual is 57 chapters long ... :-)

I believe you can use String expansions (Chapter 11) to make each of the relevant configuration options different depending on the port. In particular there are two Expansion variables (Section 11.8): $interface_address and $interface_port.

I haven't tested this at all.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss at iguanasuicide.net                 ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/
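
The per-port string expansion suggested in the reply above, written out as an Exim configuration fragment. This is an added example, not configuration posted by either participant. It uses $received_port (the current name for $interface_port) and $tls_in_cipher (named $tls_cipher in older releases). The ACL name acl_check_mail and the reply texts are assumptions, and it presumes a TLS certificate and at least one authenticator are configured elsewhere.

```exim
# Added example. Assumed setup: one daemon listening on both ports.
daemon_smtp_ports = 25 : 587

# Both options are expanded host lists, evaluated for each connection.
# Port 587: "*" (every host). Port 25: empty list, so STARTTLS is never offered.
tls_advertise_hosts = ${if eq{$received_port}{587}{*}{}}

# Offer AUTH only on port 587, and only once the session is encrypted
# ($tls_in_cipher is empty until STARTTLS has completed).
auth_advertise_hosts = ${if and{{eq{$received_port}{587}}{!eq{$tls_in_cipher}{}}}{*}{}}

# Hypothetical ACL name, defined in the ACL section below.
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # Submission port: refuse MAIL FROM unless the session is encrypted ...
  deny    message       = TLS is required on port 587
          condition     = ${if eq{$received_port}{587}}
          !encrypted    = *

  # ... and authenticated.
  deny    message       = Authentication is required on port 587
          condition     = ${if eq{$received_port}{587}}
          !authenticated = *

  # Port 25 traffic continues to the usual RCPT and DATA ACLs.
  accept

# For "no TLS on outgoing mail", the smtp transport option is:
#   hosts_avoid_tls = *
```

Connecting to each port and comparing the EHLO responses shows whether STARTTLS and AUTH are advertised only where intended.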