Re: [Exim] Limited relaying

Author: Wakko Warner
Date:
To: Joe Wagg
CC: exim-users
Subject: Re: [Exim] Limited relaying
> I'd like to permit relaying from any host that authenticates with a valid
> username & password. How easy and secure is it?
>
> I'm using Exim v4.0 and Slackware 8.0


It's not hard. Using the plain authenticator will send passwords in
base64 encoded cleartext. Using crammd5 uses hmac to generate a 128-bit
hash that is compared to the hash exim generates. I've played with crammd5
some. Once a hash is used, it becomes invalid (regardless if it worked).

You need to be careful about the conditions. If someone attempts to
authenticate as an invalid user, then when your server looks up the pass,
it'll be nothing and they can successfully authenticate (thus making you an
OPEN RELAY).

I don't have an example handy as I did this at work. I simply read the spec
and created a lookup for the server we used.

--
Lab tests show that use of micro$oft causes cancer in lab animals
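
The empty-password pitfall warned about in the message above, as an added example that is not part of the original post and is not Exim code. It simulates the server side of a CRAM-MD5 (RFC 2195) check in Python; the credential store, the challenge string and all function names are constructed assumptions.

```python
import base64
import hashlib
import hmac

# Constructed credential store (assumption): stands in for the password
# lookup described in the post. Unknown users yield "", as a lookup that
# finds nothing would.
SECRETS = {"joe": "s3cret-constructed"}


def lookup_secret(user):
    return SECRETS.get(user, "")


def cram_md5_response(user, secret, challenge):
    """Client side of RFC 2195: base64 of 'user hex(HMAC-MD5(secret, challenge))'."""
    digest = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def _parse(response):
    # The user name may contain spaces; the digest is the last field.
    user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    return user, digest


def _digest_matches(secret, challenge, digest):
    expected = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


def verify_naive(response, challenge):
    """Weak form: uses whatever the lookup returned, including ""."""
    user, digest = _parse(response)
    return _digest_matches(lookup_secret(user), challenge, digest)


def verify_strict(response, challenge):
    """Hardened form: a missing or empty secret is an authentication failure."""
    user, digest = _parse(response)
    secret = lookup_secret(user)
    if not secret:
        return False
    return _digest_matches(secret, challenge, digest)
```

In Exim terms, the strict branch corresponds to making the secret lookup fail for an unknown user instead of expanding to an empty string.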