[Exim] Re: SMTP Auth doesn't prevent users from sending as o…

Top Page
Delete this message
Reply to this message
Author: Dave Hill
Date:  
To: exim-users
Subject: [Exim] Re: SMTP Auth doesn't prevent users from sending as other users
On Fri, 19 Mar 2004 04:13:41 -0600, Eric Rutherford wrote:

> I finally got smtp auth working, i have it set up to use the plaintext
> type logins and check it against /etc/passwd
>
> the problem is if you have ANY users login/pass you can send as any
> other user, so if im Bob and i try to send an email as Joe, when it asks
> me my auth i just say Bob(and the pass) and it sends the email thru my
> server appearing to come from Joe
>
> does anyone know how to prevent this? its like spoofing but even more
> convincing because it comes from the real server. is there a way to make
> sure the name they are sending with is the same as the username they
> authenticated with?
>
> My current auth config is as follows: (i found it on the exim messages
> archive) it is at least making sure they are a user on my server


If your users know each others passwords, then you have a bigger problem
than exim authentication!!

Dave

--
Dave Hill
Systems Administrator, Newnham Research Ltd
Tel: +44 (0) 8707 66 11 10