[Pkg-exim4-users] Force encryption and auth?

[Eliteforce]

Hello,

I'd like to set up exim to

* force TLS encryption from clients
* force SMTP auth. from clients

I tried switching around a couple of settings,
but I still can send mails from thunderbird without authentication
and without TLS.

My current setup:
MAIN_TLS_ENABLE = true
MAIN_TLS_ADVERTISE_HOSTS = *
---
dc_eximconfig_configtype='internet'
dc_other_hostnames='*******'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''    <- this will be changed to '*'
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='maildir_home'
---

I really don't know why this isn't working.
All I could think of to set for TLS was
tls_require_ciphers = AES : 3DES
but that didn't help.

I'm also using dovecot, so I tried to comment everything after
begin authenticators
and use the dovecot authenticator:
dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $auth1
but exim complained about "unknown driver dovecot"

So I replaced this with the cram_md5 driver, but I still could
send mails without auth.

That's a bit frustrating :/
Looks like I've overlooked (probably) something trivial!?

Any help is greatly appreciated,
thanks.

PS: my use case of the server:
I want authenticated/local users to be able to send mails to anyone,
mails from other server or clients should just be accepted, if the
"target" is a local user (I don't want this machine to be abused)

-- 
http://www.fastmail.fm - IMAP accessible web-mail