Re: [Exim] SMTP AUTH obsurification?

Top Page
Delete this message
Reply to this message
Author: Matthew Byng-Maddick
Date:  
To: exim-users
Subject: Re: [Exim] SMTP AUTH obsurification?
On Thu, Aug 08, 2002 at 02:05:57PM +0100, Steve Haslam wrote:
> On Thu, Aug 08, 2002 at 08:34:19AM -0400, Dave C. wrote:
> > On Thu, 8 Aug 2002, Tamas TEVESZ wrote:
> > > ASMTP_HEADER_SECRET = pangalaktikgargleblaster
> > > received_header_text = "Received: \
> > >     [...]
> > >     ${if def:authenticated_id { (authenticated sender: ${md5:${authenticated_id}${message_id}ASMTP_HEADER_SECRET})}}\
> > >     [...]
> > > or you can put it in an X- header or something.
> > Ok, then how do I decode that? AFAIK, md5 is a one-way hash.
> Hrm, you'd have to take a list of all IDs and just try doing them until you
> find a match, I think.


Yes, with MD5. It is a one-way hash. (I've been trying to think of a nice
way of doing this, but I can't see one with the operations you have directly
within exim).

My recommendation would be to go with the embedded perl route. (you could
hack exim, but OpenSSL's EVP_ functions will make you feel sick).

If you're doing that, I recommend using Crypt::CBC(), and you can include
your key and a way of coding it and decoding it.

If perl is a problem for you to include, then it's going to be quite
difficult.

MBM

--
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/