Chris Huff wrote:
> I thought i had a secure setup. I would see people try and relay off of me
> all the time but all of the sudden i noticed my server was being used as a
> relay for a spammer and Im quite pissed off and dissapointed. Im not sure
> what i did wrong.
....
> fixed_login:
> driver = plaintext
> public_name = LOGIN
> server_condition = "${if eq
> {${lookup{$1}lsearch{/usr/local/exim/exim.passwd}{$value}}} {$2} {yes}
> {no}}"
> server_set_id = $1
> server_prompts = "Username:: : Password::"
${lookup{$1}lsearch{/usr/local/exim/exim.passwd}{$value}}
What will it return in case of no match .... an empty string, the
spammer authenticates with "server:" user=server password=<EMPTY>
so your condition becomes
${if eq {} {} {yes}{no}}
so it returns "yes", the usual way to solve this is using the fail
keyword as the last argument of the lookup, this will make the expansion
fail completly.
${lookup{$1}lsearch{/usr/local/exim/exim.passwd}{$value}fail}
^^^^
Nico
