Re: [Exim] how did I screw up?

Pàgina inicial
Delete this message
Reply to this message
Autor: Wakko Warner
Data:  
A: Marten Lehmann
CC: exim-users
Assumpte: Re: [Exim] how did I screw up?
> I'm planning to use the following authenticator:
>
> begin authenticators
>
> lsearch_plain:
>    driver = plaintext
>    public_name = PLAIN
>    server_prompts = :
>    server_condition = \
>      ${if eq \
>      {${lookup{$2}lsearch{/vrmd/exim/auth}{$value}}} {$3} \
>      {yes}{no}}
>      server_set_id = $2

>
> Is this server condition secure? I don't want anyone to send spam
> because of using a login which isn't listed in /vrmd/exim/auth and using
> an empty password.


No it's not. $2 = userid $3=pass
someone auths to you. $2 is not found in /vrmd/exim/auth thus
${lookup{$2}lsearch{/vrmd/exim/auth}{$value}} = ""
they use a blank pass, thus $3 = ""
and both match.
use this for your lookup:
${lookup{$2}lsearch{/vrmd/exim/auth}{$value}fail}

When it sees the "fail", it's forced to fail and the server_condition =
fails.
--
Lab tests show that use of micro$oft causes cancer in lab animals