Re: [Exim] SMTP AUTH concern

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: michael
Data:  
Para: exim-users
Asunto: Re: [Exim] SMTP AUTH concern
> I changed my AUTH PLAIN and AUTH LOGIN authenticators to force a failure
> if the lookup doesn't succeed, from
>
> plain:
>  driver = plaintext
>  public_name = PLAIN
>  server_set_id = $2
>  server_condition = ${if \
>    eq{$3}{${lookup{$2}lsearch{/etc/exim/passwd}}}{1}{0}}


What's wrong with this, besides needing to check that $3 does not expand
to an empty string? I use {true} and {false}, which works fine for me.

> to
>
> plain:
>  driver = plaintext
>  public_name = PLAIN
>  server_set_id = $2
>  server_condition = ${if \
>    eq{$3}{${lookup{$2}lsearch{/etc/exim/passwd}{$value}fail}}{1}{0}}


> However, whenever someone presents invalid auth data, they get a temporary
> (4xx series) error, rather than a permanent (5xx series) error. One would
> think that server_condition would fail when the ${if ...} expansion
> returns 0, as the documentation indicates.


AFAIK, there are three exits to "${if ...}": true, false and defer.
If the lookup returned no data, you enforce a failure. If that was
within a router, it would defer the message. With authentication, you
get a temporary error. Your first version would simply compare $3 to
an empty string, which never matches (assuming you make sure that $3 is
never empty), so the authenticator does not authenticate the connection.
You would get a temporary error only if the lookup fails, e.g. because
accessing /etc/exim/passwd generates an I/O error.

Michael