Package: exim4-config
Version: 4.94.2-7
Severity: normal
X-Debbugs-Cc: lzq...@gmail.com

In Debian unstable exim4.conf.template, the example authenticator for Dovecot, dovecot_plain_server, does not enforce TLS security for plaintext authentication by default. The Exim config should be changed to only advertise AUTH if the connection is encrypted, in line with the other plain text authenticators, by adding the final three lines below:

# dovecot_plain_server:
#   driver = dovecot
#   public_name = PLAIN
#   server_socket = /var/spool/exim4/dovecot.auth-client
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
#   .endif
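
A way to audit an authenticators section for the gap described above, as an added example that is not part of the original report or of the Debian packaging. The function names are hypothetical, and it assumes the stanzas are uncommented and use no backslash continuation lines.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password in the clear

def parse_authenticators(text, defined_macros=()):
    """Return {name: {option: value}}, honouring .ifdef/.ifndef/.endif."""
    # Simplification: other directives and continuation lines are not handled.
    auths, current, active = {}, None, [True]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"\.(ifdef|ifndef)\s+(\S+)", line)
        if m:
            present = m.group(2) in defined_macros
            active.append(active[-1] and (present if m.group(1) == "ifdef" else not present))
        elif line.startswith(".endif"):
            if len(active) > 1:
                active.pop()
        elif not active[-1]:
            continue  # option sits inside a conditional block that is switched off
        elif re.fullmatch(r"[A-Za-z0-9_]+:", line):
            current = auths.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return auths

def unprotected_plaintext_auths(text, defined_macros=()):
    """Names of PLAIN/LOGIN authenticators not gated on $tls_in_cipher (substring heuristic)."""
    return [name for name, o in parse_authenticators(text, defined_macros).items()
            if o.get("public_name", "").upper() in PLAINTEXT_MECHS
            and "$tls_in_cipher" not in o.get("server_advertise_condition", "")]

# Constructed sample: the stanza from the report, uncommented, before and after the change.
BEFORE = """dovecot_plain_server:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/spool/exim4/dovecot.auth-client
  server_set_id = $auth1
"""
AFTER = BEFORE + """  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
  .endif
"""

if __name__ == "__main__":
    print("before:", unprotected_plaintext_auths(BEFORE))
    print("after: ", unprotected_plaintext_auths(AFTER))
```

Passing {"AUTH_SERVER_ALLOW_NOTLS_PASSWORDS"} as defined_macros shows the stanza flagged again, since that macro disables the TLS gate.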