Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?

Author: Georges Arnould
Date:
To: Nico Erfurth
CC: exim-users
Subject: Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?
> in general you should verify that you lookup SOME password, I used
> server_condition = "${if eq\
> {${lookup{$1}lsearch{/usr/local/exim/etc/trusted_users}{$value}fail}}\
> {$2} {yes}{no}}"
> to make sure that the expansion fails if the lookup wasn't successful.


Well, I tried my syntax by using a nonexistent user, and the AUTH blocked my
sending request. Meaning: when I try to use a nonexistent user for login,
the AUTH is rejected and the mail is not sent. But a guy managed to put
about 6000 mails in my spools with a nonexistent user. That's why I wonder
if the guy used some kind of "prepared base64 data stream" to force my
system to accept his spam.

Thanks for your help!

Georges
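
An added example, not part of the original message or of Exim: a small Python check for the advice quoted above. It flags `server_condition` lookups that have neither `fail` nor a non-empty failure string, because such a lookup expands to an empty string for an unknown user and that empty string is what the supplied password is then compared with. It handles only single-key lookups with unescaped braces; the second sample condition and its path are hypothetical.

```python
import re

# Constructed sample: the first condition is the one quoted in this thread,
# the second is a hypothetical variant without the "fail" keyword.
SAMPLE = r'''
server_condition = "${if eq\
  {${lookup{$1}lsearch{/usr/local/exim/etc/trusted_users}{$value}fail}}\
  {$2} {yes}{no}}"
server_condition = "${if eq{${lookup{$1}lsearch{/path/to/users}{$value}}}{$2}{yes}{no}}"
'''

def _group(s, i):
    """Return (text, next_index) of the {...} group at s[i:], or (None, i)."""
    while i < len(s) and s[i].isspace():
        i += 1
    if i >= len(s) or s[i] != "{":
        return None, i
    depth = 0
    for j in range(i, len(s)):
        depth += {"{": 1, "}": -1}.get(s[j], 0)
        if depth == 0:
            return s[i + 1:j], j + 1
    return None, i  # unbalanced braces

def unguarded_lookups(condition):
    """Keys of single-key ${lookup{key}type{file}...} items with no failure branch."""
    findings = []
    for m in re.finditer(r"\$\{lookup\s*(?=\{)", condition):
        key, i = _group(condition, m.end())
        stype = re.match(r"\s*[\w*-]+", condition[i:])  # search type, e.g. lsearch
        if key is None or stype is None:
            continue
        _file, i = _group(condition, i + stype.end())
        _found, i = _group(condition, i)   # optional string used on success
        default, _ = _group(condition, i)  # optional string used on failure
        forced_fail = condition[i:].lstrip().startswith("fail")
        if not forced_fail and not (default or "").strip():
            findings.append(key)
    return findings

def audit(config_text):
    """Return the unguarded lookup keys of each server_condition, in file order."""
    joined = re.sub(r"\\\n\s*", "", config_text)  # join continuation lines
    return [unguarded_lookups(m.group(1))
            for m in re.finditer(r"(?m)^\s*server_condition\s*=\s*(.*)$", joined)]

if __name__ == "__main__":
    print(audit(SAMPLE))
```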