Re: [Exim] CRAM-MD5 fudging

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Tamas TEVESZ
Fecha:  
A: John Jetmore
Cc: exim-users
Asunto: Re: [Exim] CRAM-MD5 fudging
On Wed, 12 Mar 2003, John Jetmore wrote:

> > > > CHALLENGE = $tod_epoch@$primary_hostname


> it looks like exim changes the challenge every time you re-attempt


it does, if you

server_prompts = $pid.$tod_epoch@$whatnot

there is a BIG difference between putting a *macro* like above (which
is expanded *once* when the child is spawned) and this one i think you
did. the pids wouldn't have been the same otherwise.

> The first string is
> <6991.1047502537@???> and the second is
> <6991.1047502556@???>


i can't find any logical explanation for that, except the one outlined
above. granted i never did negative tests ;) (which is a bad thing,
actually, i *strongly* advise everyone do them especially when setting
up authenticators. i wonderfully run an open relay for a good while,
'cause i screwed up the auths, and they authenticated everyone. i
positive-tested it, it was ok. spammers negative-tested it too. it was
ok for them as well :>)


--
[-]
... and the rest is silence.