yeah, I think that is the problem.
2003-09-09 11:34:11 19wkVO-0000Ji-6T <= wan_@??? H=(exercising) [218.70.141.172] P=asmtp A=auth_login:webmaster S=5431
2003-09-09 11:34:14 19wkVQ-0007iV-72 <= cathy_ro@??? H=(ainu) [218.70.149.109] P=asmtp A=auth_login:webmaster S=832
2003-09-09 11:34:14 19wkVR-0000Ji-D7 <= rober@??? H=(exercising) [218.70.141.172] P=asmtp A=auth_login:webmaster S=5415
2003-09-09 11:34:17 19wkVU-0000Ji-E6 <= sugar@??? H=(exercising) [218.70.141.172] P=asmtp A=auth_login:webmaster S=5479
I dont have a user named webmaster defined. Im trying an AUTH router setup mentioned in reply to my original email. Hopefully that will help.
Thank you very much
--CH
-----Original Message-----
From: John Jetmore [
mailto:jetmore@cinergycom.com]
Sent: Thursday, September 11, 2003 6:11 AM
To: Chris Huff
Cc: exim-users@???
Subject: Re: [Exim] Bad Authentication ACL, used for relay - 4.20
On Wed, 10 Sep 2003, Chris Huff wrote:
> auth_login:
> driver = plaintext
> public_name = LOGIN
> server_condition = "${if eq {${lookup{$1}lsearch{/usr/local/exim4/exim.passwd}{$value}}} {$2} {yes} {no}}"
> server_set_id = $1
> server_prompts = "Username:: : Password::"
Isn't this the classic non-existant user, empty password vulnerability?
(looking up the passwd for a non-existant user yields an empty string. If
an empty string is provided as the user's password, the two strings match
and relaying is allowed). Looking at the mainlog entries for the relays
would probably tell you whether the authenticator is being abused or
something else.
--John
