Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Georges Arnould
Datum:  
To: Nico Erfurth
CC: exim-users
Betreff: Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?
> I bet your authenticator config is broken, if it can't lookup the
> username it will accept anything as password, try it yourself.
> Show use your auth-config, and we can help you.


Here it is ... It has never changed for a year ... And someone managed to
pass through yesterday. I wonder if my config. is broken ... But I would
enjoy it is (meaning no recompil, no reinstall, etc.) ...

Thank's for your appreciated help !

Georges


fixed_login:
       driver = plaintext
       public_name = LOGIN
       server_condition = "${if eq
{${lookup{$1}lsearch{/usr/local/exim/etc/trusted_users}{$value}}} {$2} {yes}
{no}}"
       server_set_id = $1
       server_prompts = "Username:: : Password::"