Re: [exim] restricting access to AUTH check based on user's …

Top Page
Delete this message
Reply to this message
Author: Odhiambo G. Washington
Date:  
To: exim-users
Subject: Re: [exim] restricting access to AUTH check based on user's IP
* Dave Lugo <dlugo@???> [20050422 03:56]: wrote:
> Hi,
>
> I'm trying to configure exim (4.50) to check the username/password
> pair only when the authenticated_sender is allowed to AUTH from
> the connecting IP.


Why don't you just allow AUTH from *any* host that _should_ use AUTH?


> My goal is to be able to prevent AUTH dict attacks (or at least
> lessen exposure to them) by restricting by rDNS name or CIDR
> when the username/password pair is actually checked to see if
> the password is good.


So if you define

hostlist auth_relay_hosts = a.b.c.d/24

and then in acl_smtp_auth you do:

####
deny    hosts        = !+auth_relay_hosts
        endpass
        message      = You are not allowed to use SMTP AUTH from
                       $sender_host_address
        encrypted    = *


accept
#####


Just an idea.....


> I realize I can set restrictions for this on a global basis, but
> what I'm looking for is to be able to do on a per-user basic, by
> looking at the name passed w/ AUTH and checking that user's list
> of allowed auth hosts. I've been able to do just about everything
> else with per-user granularity, but this one has me stumped. Yes,
> I've been reading spec.txt. I'm a lot farther along w/ my exim
> skills than two months ago, but compared to a lot of folks here,
> that's not saying a lot :)


How do you expect to get the "user" if you want to restrict AUTH
by rDNS?

I may be confused about this as much as you are so if I am not of
help, just dismiss my mail ;-)



        cheers
       - wash 
+----------------------------------+-----------------------------------------+
Odhiambo Washington                    . WANANCHI ONLINE LTD (Nairobi, KE)  |
wash _at_ wananchi _ dot _ com        . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223            . # 10286, 00100 NAIROBI             |
GSM: (+254) 733 744 121            . (+254) 020 313 985 - 9             |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"  
                         --from a /. post