Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?

Inizio della pagina
Questo messaggio è parte di questo thread:
Mil thread completo ordinato per data
MGeorges Arnould at <-
MGeorges Arnould at ->
Delete this message
Reply to this message
Autore: Nico Erfurth
Data:  
To: Georges Arnould
CC: exim-users, Philip Hazel
Oggetto: Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?
Georges Arnould wrote:
>>I agree with Nico; that lookup of yours will end up as an empty string
>>if the lookup fails. So all the spammers have to do is supply an empty
>>string as a password for a non-existant user. At least, that's what
>>appears to be the case.
>
>
> Well, I thought about immediately suiciding myself, but you wouldn't have
> had this message. I just tested to send a message auth'ing with an empty
> password and my Fort Knox Mailer relayed the message as it was as precious
> as a love letter. I used the famous french "Ligne Maginot" strategy ...

You are not the first one ;)

Philip, maybe this should be in the docs, BIG AND FAT!
Somewhere in spec.txt related to the authenticators.

Nico



Questo messaggio è stato inviato alle seguenti mailing lists:
Exim-users
Informazioni sulla Mailing List | Messaggi correlati		<-Re: [Exim] Policy controls for local inputRe: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)