Bug#1037127: exim4-config: Example Dovecot authenticator for Exim allows plaintext non TLS AUTH by default

2023-06-06 Thread Marc Haber
On Mon, Jun 05, 2023 at 02:08:22PM +, Dominic Preston wrote:
> The Exim config should be changed to only advertise AUTH if the connection
> is encrypted, in line with the other plain text authenticators, by adding
> the final three lines below:

I made that MR #9.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421



Bug#1037127: exim4-config: Example Dovecot authenticator for Exim allows plaintext non TLS AUTH by default

2023-06-05 Thread Dominic Preston
Package: exim4-config
Version: 4.94.2-7
Severity: normal
X-Debbugs-Cc: lzq...@gmail.com

In Debian unstable exim4.conf.template, the example authenticator for
Dovecot, dovecot_plain_server, does not enforce TLS security for plaintext
authentication by default.

The Exim config should be changed to only advertise AUTH if the connection
is encrypted, in line with the other plain text authenticators, by adding
the final three lines below:

# dovecot_plain_server:
#   driver = dovecot
#   public_name = PLAIN
#   server_socket = /var/spool/exim4/dovecot.auth-client
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
#   .endif
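
An added example, not part of the thread or of the exim4-config package: a small audit that reads an active Exim configuration and lists PLAIN/LOGIN authenticators whose server_advertise_condition does not reference $tls_in_cipher, which is the gap reported above. The function names and the sample configuration are constructed for illustration; the check is a heuristic on the option text and assumes AUTH_SERVER_ALLOW_NOTLS_PASSWORDS is not defined.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself
# Constructed sample: active (uncommented) authenticators, one ungated, one gated.
SAMPLE = """\
begin authenticators
dovecot_plain_server:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/spool/exim4/dovecot.auth-client
  server_set_id = $auth1
dovecot_login_gated:
  public_name = LOGIN
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
  .endif
"""

def parse_authenticators(conf_text):
    """Return {instance: {option: value}} from the 'begin authenticators' section."""
    text = re.sub(r"\\\n\s*", "", conf_text)  # join backslash-continued lines
    blocks, current, in_section = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        # Skip comments and .ifdef/.ifndef/.endif directives (assumes the
        # AUTH_SERVER_ALLOW_NOTLS_PASSWORDS macro is not defined).
        if not line or line[0] in "#.":
            continue
        m = re.match(r"begin\s+(\w+)$", line)
        if m:
            in_section, current = m.group(1) == "authenticators", None
            continue
        if not in_section:
            continue
        m = re.match(r"(\w+):$", line)
        if m:
            current = blocks.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return blocks

def plaintext_without_tls_gate(conf_text):
    """Names of PLAIN/LOGIN authenticators whose advertisement is not tied to TLS."""
    return [name for name, opts in parse_authenticators(conf_text).items()
            if opts.get("public_name", "").upper() in PLAINTEXT_MECHS
            and "$tls_in_cipher" not in opts.get("server_advertise_condition", "")]

if __name__ == "__main__":
    print(plaintext_without_tls_gate(SAMPLE))
```

Run it against the generated configuration rather than the template, since the template ships these authenticators commented out.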