Lähettäjä: Tim Jackson Päiväys: Vastaanottaja: exim-users Aihe: Re: [Exim] Using ACL to block spaam... possible?
On Sun, 23 Mar 2003 14:21:08 +0100 (CET) Nico wrote:
> I've tried to contact the ORDB-people one week ago, to add a check for
> this, but no reply yet :-/
That's an excellent idea. I guess it will add a bit of complexity to their
tests, as they would have to handle at least CRAM-MD5 and LOGIN but if
spammers really are starting to abuse this, then it would probably be
worth their while.
A suggestion to Philip: whilst updating the Exim Spec for 4.20, how about
including a couple of varieties of examples of AUTHs in the Spec? It does
cover things fully as it is currently, but given that it seems a number of
people have ended up as open relays due to null-username lookups (and this
is, certainly, a very easy mistake to make), perhaps you could add at
least one example of some kind of simple text file lookup? I know there is
an LDAP lookup in there, but that's a bit harder to decipher if someone's
just experimenting with AUTH. Other than that the examples are all based
on a single, hardcoded username/password combination which is good for the
purposes of demonstration, but I feel that a note about the "null
username" problem and a simple example using a plain text file lookup
(perhaps even contrasting two examples - "This is how NOT to do it" and
"This is how to do it safely") would probably help to drive the point
home.
