Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMPhilip Hazel at <-
MMNico Erfurth at ->
Delete this message
Reply to this message
Author: Georges Arnould
Date:  
To: exim-users, Nico Erfurth
Subject: Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?
> I agree with Nico; that lookup of yours will end up as an empty string
> if the lookup fails. So all the spammers have to do is supply an empty
> string as a password for a non-existant user. At least, that's what
> appears to be the case.

Well, I thought about immediately suiciding myself, but you wouldn't have
had this message. I just tested to send a message auth'ing with an empty
password and my Fort Knox Mailer relayed the message as it was as precious
as a love letter. I used the famous french "Ligne Maginot" strategy ...

- "And then, we heard a gun shooting, Mr Policeman !"

_Many_ thanks !

Georges




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?Re: [Exim] [ Exim 3.36 ] SMTP AUTH hacked ?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)