Re: [Exim] SMTP AUTH concern

Author: Phil Brutsche
Date:  
To: Andy De Petter
CC: exim-users
Subject: Re: [Exim] SMTP AUTH concern
A long time ago, in a galaxy far, far way, someone said...

>
> Hello,
>
> After running into a few problems with my SMTP authentication, I found out
> that there might be some security issues involved in sending mails through
> an SMTP AUTH server. It might be a configuration problem at my side, so in
> that case, I'd like some explanation on what I've done wrong.
>
> I'm running Exim 3.20, with the following configuration options, to enable
> SMTP AUTH:


I recently had the same problem.

I changed my AUTH PLAIN and AUTH LOGIN authenticators to force a failure
if the lookup doesn't succeed, from

plain:
  driver = plaintext
  public_name = PLAIN
  server_set_id = $2
  server_condition = ${if \
    eq{$3}{${lookup{$2}lsearch{/etc/exim/passwd}}}{1}{0}}

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if \
    eq{$2}{${lookup{$1}lsearch{/etc/exim/passwd}}}{1}{0}}
  server_set_id = $1

to

plain:
  driver = plaintext
  public_name = PLAIN
  server_set_id = $2
  server_condition = ${if \
    eq{$3}{${lookup{$2}lsearch{/etc/exim/passwd}{$value}fail}}{1}{0}}

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if \
    eq{$2}{${lookup{$1}lsearch{/etc/exim/passwd}{$value}fail}}{1}{0}}
  server_set_id = $1

However, whenever someone presents invalid auth data, they get a temporary
(4xx series) error, rather than a permanent (5xx series) error. One would
think that server_condition would fail when the ${if ...} expansion
returns 0, as the documentation indicates.

Unless, of course, we're both missing a detail on the ${if ...} expansions
:)

-- 
----------------------------------------------------------------------
Phil Brutsche                    pbrutsch@???


GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
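To see why the two server_condition forms above behave differently, here is an added model of them (example code written for this page, not Exim's own expander). It assumes a constructed lsearch-style passwd file, that a missed lookup in the original form expands to an empty string while the `{$value}fail` form forces the expansion to fail, and that a forced failure maps to a 4xx reply while a result of 0 maps to 5xx, consistent with Phil's observation.

```python
"""Model of the two Exim server_condition forms quoted in the thread.

Added example, not Exim's own code. It mimics only the pieces the message
relies on: an lsearch lookup returns the stored value or, on a miss, either
an empty string (original form) or a forced expansion failure (the
'{$value}fail' form). The mapping of results to SMTP reply classes is an
assumption consistent with Phil's observation (forced failure -> 4xx,
result 0 -> 5xx).
"""

# Constructed stand-in for /etc/exim/passwd ("user: password" lsearch lines).
PASSWD_FILE = """\
andy: s3cret
phil: hunter2
"""


class ForcedFailure(Exception):
    """The expansion was forced to fail (Exim's 'fail' keyword)."""


def lsearch(key: str, force_fail: bool) -> str:
    """Linear search of the constructed passwd file, like Exim's lsearch."""
    for line in PASSWD_FILE.splitlines():
        name, _, value = line.partition(":")
        if name.strip() == key:
            return value.strip()
    if force_fail:
        raise ForcedFailure(key)
    return ""  # original form: a missed lookup expands to nothing


def server_condition(user: str, password: str, force_fail: bool) -> str:
    """${if eq{<password>}{${lookup{<user>}lsearch{...}[{$value}fail]}}{1}{0}}"""
    return "1" if password == lsearch(user, force_fail) else "0"


def auth_outcome(user: str, password: str, force_fail: bool) -> str:
    """Assumed mapping of the condition result to the SMTP reply class."""
    try:
        result = server_condition(user, password, force_fail)
    except ForcedFailure:
        return "4xx temporary failure"
    return "235 accepted" if result == "1" else "5xx permanent failure"


if __name__ == "__main__":
    # The unknown-user / empty-password row is the one the fix changes.
    for user, pw in [("andy", "s3cret"), ("andy", "wrong"), ("nobody", "")]:
        print(f"{user!r}/{pw!r}: original={auth_outcome(user, pw, False):24}"
              f" with fail={auth_outcome(user, pw, True)}")
```

The last row shows the check worth running against your own config: with the original form, an unknown user and an empty password compare two empty strings and the condition yields 1.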