Re: [Exim] Tracking authentications

Góra strony
Delete this message
Reply to this message
Autor: Dan Egli
Data:  
Dla: exim-users
Temat: Re: [Exim] Tracking authentications
Dan Egli wrote:

| jzaw wrote:

|
| |
| | On Saturday, Sep 20, 2003, at 15:53 Europe/London, Dan Egli wrote:
| |
| |> -----BEGIN PGP SIGNED MESSAGE-----
| |> Hash: SHA1
| |>
| |> IS there a way to make Exim log who has authenticated? the reject log
| |> shows failed authentications, but I want to track SUCCESSFULL
| |> authentications
| |
| |
| |
| | youll get something like this in your main log
| |
| |
| | Sep 20 16:24:56 w exim[26108]: 2003-09-20 16:24:56 1A0jbU-0006n6-77 <=
| | jz@???
| | H=w.dnsalias.org (w.dnsalias.org) [217.155.135.45] U=someuser P=asmtp
| | A=auth_cram:someusername
| | S=556 id=74335CE1-EB7E-11D7-8BCB-003065427DF8@???
| |
| | Sep 20 16:25:00 w exim[26109]: 2003-09-20 16:25:00 1A0jbU-0006n6-77 =>
| | jzaw@???
| | R=dnslookup T=remote_smtp H=mx1.mail.yahoo.com [64.157.4.78]
| |
| | Sep 20 16:25:00 w exim[26109]: 2003-09-20 16:25:00 1A0jbU-0006n6-77
| | Completed
| |
| |
| | notice the serialisation they all have in common     1A0jbU-0006n6-77
| | (is of course unique to the message)
| | you can see which user authenticated and what method
| | and you can track it to see if the send was completed in this case it
| | took about 4 seconds to complete
| | the lines may have other messages in between them so look for the
| | message serial

|
| Nice but that is not going to work for me. This server uses AMaViS to
| scan for viruses, but the way Amavis works is that receives the message
| then scans it and if it's ok it drops it back on the Queue. But of
| course that means a new Message ID/Serial.

|
|
|
|

Ok. I fianally tracerd the relay glitch down. It seems that somehow my
config for Exim's authentication is not correct because it's allowing a
user not in the authorized remote users table to get in.

Specifically I watched as the spammer connected with username webmaster
and no password. I was puzzled so I tried it myself with exim -bs. auth
login accepted webmaster and no password as a valid login. But webmaster
is not even in the authorized list. Here's the list (passwords munged
for security)

+----------+---------------+
| userid   | pass          |

+----------+---------------+
| mark     | <pass gone>   |
| kevin    | <pass gone>   |
| dwight   | <pass gone>   |
| amber    | <pass gone>   |
| belinda  | <pass gone>   |
|          | <pass gone>   |

+----------+---------------+

The blank is so people could not do a blank username and password and
get in.

My authenticator config for the login auth method is:

login:
driver=plaintext
~ public_name=LOGIN
~ server_condition = "${if eq{$2} \
~ {${lookup mysql{SELECT pass FROM mail \
~ WHERE userid='${local_part:$1}'}}}{1}{0}}"
~ server_prompts= "Username:: : Password:: "
~ server_set_id=$1



How can I adapt this so that only people on the list can send mail, if
you're not on the list you cann't authenticate?

Help!?

Thanks!
- --- Dan