On Fri, May 21, 2004 at 10:30:25PM -0600, Dan Egli wrote:
> login_cram:
> driver = cram_md5
> public_name = CRAM-MD5
> server_secret = ${if saslauthd{{$1}{$2}}{1}{0}}
> server_set_id = $1
As I pointed out (to Marc Perkel) in:
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20040426/070670.html
this is a major problem. Anyone who wants to relay through Dan's (and
Marc's) server should log in with any username (eg. "myfakedupusername", but
anything will work) and password "0", making sure they use the CRAM-MD5
mechanism. You should then be authenticated, and you'll probably be able
to relay as a result.
Possibly we should force both to be listed as an open relay, but as I recall,
our dear friend Dan is on a dialup range, so you might as well just not
accept mail from him.
I'm going to apologise for being quite so open, but I tried to make it
obvious enough for anyone who understood what was going on in the mail
I quoted, and since that doesn't seem to have any effect after Dan has
tried to get more people new to exim to mistakenly use this configuration
through a complete and utter lack of understanding, I feel that it's
necessary to spell out exactly how to exploit it, for the benefit of Dan
and Marc and to try and prevent anyone else perpetrating the same problems.
You can find Dan's open relay at eglifamily.dnsalias.net.
Now, Dan, remind me why you should be allowed to run your own mailserver?
Cheers
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
(Please use this address to reply)