[Exim] SMTP AUTH concern

Top Page
Delete this message
Reply to this message
Author: Andy De Petter
Date:  
To: exim-users
Subject: [Exim] SMTP AUTH concern
Hello,

After running into a few problems, with my SMTP authentication, I found out
that there might be some security issues involved, in sending mails through
an SMTP AUTH server. It might be a configuration problem at my side, so in
that case, I'ld like some explanation on what I've done wrong.

I'm running Exim 3.20, with the following configuration options, to enable
SMTP AUTH:

----------
plain:
    driver = plaintext
    public_name = PLAIN
    server_condition = "\
        ${if crypteq{$3}{${lookup mysql {QUERY_SMTP_AUTH_PLAIN} {$value}}} {yes}
{no}}"
    server_set_id = $2


login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "\
        ${if crypteq{$2}{${lookup mysql {QUERY_SMTP_AUTH_LOGIN} {$value}}} {yes}
{no}}"
    server_set_id = $1
----------


with the following queries:

QUERY_SMTP_AUTH_PLAIN = SELECT DISTINCT password FROM MYSQL_AUTHTABLE WHERE
MYSQL_DOMAINFIELD LIKE '${domain:$2}' AND MYSQL_USERNAMEFIELD LIKE
'${local_part:$2}' AND MYSQL_ISALIASFIELD='no'

QUERY_SMTP_AUTH_LOGIN = SELECT DISTINCT password FROM MYSQL_AUTHTABLE WHERE
MYSQL_DOMAINFIELD LIKE '${domain:$1}' AND MYSQL_USERNAMEFIELD LIKE
'${local_part:$1}' AND MYSQL_ISALIASFIELD='no'

Now, I test this, with telnet to port 25, username "test@???",
password "test" (generated CnRlc3RAa3JhbWVyaWEubmV0CnRlc3QK as md5):

250-SIZE
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
AUTH PLAIN CnRlc3RAa3JhbWVyaWEubmV0CnRlc3QK
235 Authentication succeeded

And it appears to work. Now, what I've found out, is that you can
authenticate with *anything*, even non-existing users, or users with bad
password. Let's try this:

250-SIZE
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
AUTH PLAIN
235 Authentication succeeded

or:

250-SIZE
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
AUTH PLAIN test
235 Authentication succeeded

I assume this is not normal behaviour, so I was wondering whether there are
other people, that have the same problem? And what can be done about it, to
avoid this?

TIA,

-Andy

--
......................................................................
:                                                                    :
:                           Andy De Petter <adepette@???>   :
:    Skynet   NV/SA                                System Engineer   :
:                                                                    :
: Kol. Bourgstraat 124          _,'|            _.-''``-...___..--'; :
:    1140  Brussels            /, \'.      _..-' ,      ,--...--'''  :
:                             < \   .`--'''      `     /|            :
:   IPv6 ADP17-6BONE           `-,;'              ;   ; ;            :
:    ICQ # 1548957        __...--''     __...--_..'  .;.'            :
:                        (,__....----'''      (,..--''               :
: http://www.skynet.be                                               :
......................................................................


The opinions expressed are personal.