Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?

Author: Georges Arnould
Date:  
To: Nico Erfurth
CC: exim-users
Subject: Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?
> in general you should verify that you lookup SOME password, I used
> server_condition = "${if eq\
> {${lookup{$1}lsearch{/usr/local/exim/etc/trusted_users}{$value}fail}}\
> {$2} {yes}{no}}"
> to make sure that the expansion fails if the lookup wasn't successful.


Well, I tried my syntax by using a nonexistent user, and the AUTH blocked my
sending request. Meaning: when I try to use a nonexistent user for login,
the AUTH is rejected and the mail is not sent. But a guy managed to put
about 6000 mails in my spools with a nonexistent user. That's why I wonder
if the guy used some kind of "prepared base64 data stream" to force my
system to accept his spam.

Thanks for your help!

Georges
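
Added example, not part of the original message and not Exim's own code: a small Python model of why the `fail` in the quoted server_condition matters, comparing the same check with and without a forced failure on a missed lookup. It assumes an AUTH LOGIN exchange where $1 is the user name and $2 the password; the user file contents and all function names are constructed for illustration.

```python
import base64

# Constructed stand-in for /usr/local/exim/etc/trusted_users ("key: value" lines).
TRUSTED_USERS = "alice: s3cret\nbob: hunter2\n"


class ForcedFail(Exception):
    """Models Exim's forced expansion failure (the bare word 'fail')."""


def lsearch(key, text=TRUSTED_USERS):
    """Return the value stored for key, or None when the key is absent."""
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() == key:
            return value.strip()
    return None


def lookup(key, force_fail):
    """Model ${lookup{key}lsearch{file}{$value}} with or without a trailing 'fail'."""
    value = lsearch(key)
    if value is None:
        if force_fail:
            raise ForcedFail(key)
        return ""  # a missed lookup with no failure branch expands to ""
    return value


def server_condition(user, password, force_fail):
    """Model ${if eq{<lookup of $1>}{$2}{yes}{no}}; a forced failure rejects the AUTH."""
    try:
        return lookup(user, force_fail) == password
    except ForcedFail:
        return False


def auth_login(user_b64, pass_b64, force_fail):
    """Decode the two base64 AUTH LOGIN responses into $1 and $2, then evaluate."""
    user = base64.b64decode(user_b64).decode()
    password = base64.b64decode(pass_b64).decode()
    return server_condition(user, password, force_fail)


def b64(text):
    """Encode a constructed test value the way a client would send it."""
    return base64.b64encode(text.encode()).decode()
```

In this model an unknown user with a non-empty password is rejected by both variants, so a manual test with a made-up user and password does not distinguish them; only the variant without `fail` lets an empty lookup result compare equal to an empty submitted password.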