Re: [Exim] SMTP AUTH concern

Pàgina inicial
Delete this message
Reply to this message
Autor: Phil Brutsche
Data:  
A: Andy De Petter
CC: exim-users
Assumpte: Re: [Exim] SMTP AUTH concern
A long time ago, in a galaxy far, far way, someone said...

>
> Hello,
>
> After running into a few problems, with my SMTP authentication, I found out
> that there might be some security issues involved, in sending mails through
> an SMTP AUTH server. It might be a configuration problem at my side, so in
> that case, I'ld like some explanation on what I've done wrong.
>
> I'm running Exim 3.20, with the following configuration options, to enable
> SMTP AUTH:


I recently had the same problem.

I changed my AUTH PLAIN and AUTH LOGIN authenticators to force a failure
if the lookup doesn't succeed, from

plain:
driver = plaintext
public_name = PLAIN
server_set_id = $2
server_condition = ${if \
eq{$3}{${lookup{$2}lsearch{/etc/exim/passwd}}}{1}{0}}

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if \
eq{$2}{${lookup{$1}lsearch{/etc/exim/passwd}}}{1}{0}}
server_set_id = $1

to

plain:
driver = plaintext
public_name = PLAIN
server_set_id = $2
server_condition = ${if \
eq{$3}{${lookup{$2}lsearch{/etc/exim/passwd}{$value}fail}}{1}{0}}

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if \
eq{$2}{${lookup{$1}lsearch{/etc/exim/passwd}{$value}fail}}{1}{0}}
server_set_id = $1

However, whenever someone presents invalid auth data, they get a temporary
(4xx series) error, rather than a permanent (5xx series) error. One would
think that server_condition would fail when the ${if ...} expansion
returns 0, as the documentation indicates.

Unless, of course, we're both missing a detail on the ${if ...} expansions
:)

- -- 
- ----------------------------------------------------------------------
Phil Brutsche                    pbrutsch@???


GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc