Re: [Exim] how did I screw up?

Author: Wakko Warner
Date:  
To: Marten Lehmann
CC: exim-users
Subject: Re: [Exim] how did I screw up?
> I'm planning to use the following authenticator:
>
> begin authenticators
>
> lsearch_plain:
>    driver = plaintext
>    public_name = PLAIN
>    server_prompts = :
>    server_condition = \
>      ${if eq \
>      {${lookup{$2}lsearch{/vrmd/exim/auth}{$value}}} {$3} \
>      {yes}{no}}
>    server_set_id = $2
>
> Is this server condition secure? I don't want anyone to send spam
> because of using a login which isn't listed in /vrmd/exim/auth and using
> an empty password.


No, it's not. $2 = userid, $3 = pass.
Someone auths to you. $2 is not found in /vrmd/exim/auth, thus
${lookup{$2}lsearch{/vrmd/exim/auth}{$value}} = ""
They use a blank pass, thus $3 = ""
and both match.
Use this for your lookup:
${lookup{$2}lsearch{/vrmd/exim/auth}{$value}fail}

When it sees the "fail", it's forced to fail and the server_condition
fails.
--
Lab tests show that use of micro$oft causes cancer in lab animals
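
The two lookup forms discussed in this thread, as an added Python model (not Exim code and not from either poster). The file contents, user names and helper names are constructed, and the lsearch parser is simplified (exact key match, no continuation lines).

```python
import base64

# Constructed sample of /vrmd/exim/auth in lsearch "key: value" form.
AUTH_FILE = """\
# user: password
alice: correct-horse
bob: s3cret
"""

class ForcedFail(Exception):
    """Models the forced expansion failure triggered by the bare word 'fail'."""

def lsearch(key, text):
    """Simplified lsearch: value of the first line whose key matches, else None."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        k, _, v = line.partition(":")
        if k.strip() == key:
            return v.strip()
    return None

def lookup(key, text, forced_fail):
    """Model of ${lookup{key}lsearch{file}{$value}} with or without trailing 'fail'."""
    value = lsearch(key, text)
    if value is None:
        if forced_fail:
            raise ForcedFail(key)
        return ""  # failed lookup with no failure string expands to ""
    return value

def plain(user, password):
    """Build a base64 SASL PLAIN response: authzid NUL authcid NUL password."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def server_condition(b64, forced_fail):
    """True when the modelled server_condition accepts the login."""
    # $1, $2, $3 = authzid, userid, password
    _, user, password = base64.b64decode(b64).decode().split("\0", 2)
    try:
        return lookup(user, AUTH_FILE, forced_fail) == password
    except ForcedFail:
        return False  # forced failure: authentication fails

if __name__ == "__main__":
    for user, pw in [("mallory", ""), ("alice", "correct-horse"), ("alice", "")]:
        print(user, repr(pw), "original:", server_condition(plain(user, pw), False),
              "with fail:", server_condition(plain(user, pw), True))
```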