Re: [Exim] help with exim syntax

Top Page
Delete this message
Reply to this message
Author: Marc MERLIN
Date:  
To: Alexey Promokhov
CC: exim-users
Subject: Re: [Exim] help with exim syntax
On Thu, Feb 21, 2002 at 10:34:30PM +0300, Alexey Promokhov wrote:
> Hard but nice exercise. :)
>
> server_condition = "${if or {{eq{${lookup{lc:$1}lsearch{/etc/mail/smtpauthdb}{$value}{fail}}}{$2}}{pam{${lc:$1}:$2}}}{1}{0}}"
>
> Note syntax of ${lookup}, don't forget about dollar sign.


Darn, I still forgot something, thanks for finding that.
Actually I forgot something else too for lc: ${lookup{${lc:$1}}}

The correct line is therefore:
server_condition = "${if or {{eq{${lookup{${lc:$1}}lsearch{/etc/mail/smtpauthdb}{$value}{SecretString}}}{$2}}{pam{${lc:$1}:$2}}}{1}{0}}"

> Also note security bug. Looking for username that does not listed in
> /etc/mail/smtpauthdb will result string "fail". So intruder can enter
> "fail" as password and will be validated. Replace it with something
> else, like "rirhjuiuiehjqeyhgryug" ;)


Very good point, thanks for pointing that out.

It's all working fine and dandy now. Thanks for your help.

Hopefully the string will be useful to others too, the reason I wanted it is
that I want to authenticate mail clients against PAM, but I also wanted a
file DB of remote MTAs and passwords (I don't want a user to hardcode his
company user password in his exim configuration file, so I'll give him an
SMTP AUTH only login and password)

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key