* Dave Lugo <dlugo@???> [20050422 03:56]: wrote:
> Hi,
>
> I'm trying to configure exim (4.50) to check the username/password
> pair only when the authenticated_sender is allowed to AUTH from
> the connecting IP.
Why don't you just allow AUTH from *any* host that _should_ use AUTH?
> My goal is to be able to prevent AUTH dict attacks (or at least
> lessen exposure to them) by restricting by rDNS name or CIDR
> when the username/password pair is actually checked to see if
> the password is good.
So if you define

  hostlist auth_relay_hosts = a.b.c.d/24

and then in acl_smtp_auth you do:

####
deny hosts = !+auth_relay_hosts
     endpass
     message = You are not allowed to use SMTP AUTH from $sender_host_address
     encrypted = *
accept
#####
Just an idea.....
> I realize I can set restrictions for this on a global basis, but
> what I'm looking for is to be able to do on a per-user basis, by
> looking at the name passed w/ AUTH and checking that user's list
> of allowed auth hosts. I've been able to do just about everything
> else with per-user granularity, but this one has me stumped. Yes,
> I've been reading spec.txt. I'm a lot farther along w/ my exim
> skills than two months ago, but compared to a lot of folks here,
> that's not saying a lot :)
How do you expect to get the "user" if you want to restrict AUTH
by rDNS?
I may be confused about this as much as you are so if I am not of
help, just dismiss my mail ;-)
cheers
- wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) |
wash _at_ wananchi _ dot _ com . 1ere Etage, Loita Hse, Loita St., |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"
--from a /. post
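
An added illustration, not part of the original message and not configuration from either poster: a global host gate in acl_smtp_auth, followed by a per-user host check inside the authenticator, which is the first point where Exim has the username. The ACL and authenticator names, the 192.0.2.0/24 range and both file paths are assumptions; match_ip is an expansion condition in current Exim releases, and its availability in 4.50 is not confirmed here.

```conf
# Added example. Names, address range and file paths are assumed, not from the thread.
# Exim only treats "#" as a comment at the start of a line, so comments sit on their own lines.

# ---- main section ----
# Constructed documentation range standing in for a.b.c.d/24.
hostlist auth_relay_hosts = 192.0.2.0/24
acl_smtp_auth = acl_check_auth

# ---- ACL section ----
begin acl

acl_check_auth:
  # Runs when the AUTH command arrives, before any authenticator is called.
  # The username is not available here, so only host-wide rules are possible.
  deny    message = You are not allowed to use SMTP AUTH from $sender_host_address
          !hosts  = +auth_relay_hosts
  # Refuse AUTH on unencrypted sessions (the "encrypted" condition also
  # appears in the snippet in the message above).
  deny    message = STARTTLS is required before AUTH
          !encrypted = *
  accept

# ---- authenticators section ----
begin authenticators

plain_per_user:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # For PLAIN, $2 is the username and $3 the password.
  # /etc/exim/auth_hosts (assumed) maps a user to the hosts allowed to
  # authenticate as that user, for example:
  #   alice: 192.0.2.10 : 192.0.2.128/25
  # /etc/exim/passwd (assumed) maps a user to a crypt()ed password.
  # The host check is listed first, so the password comparison is only
  # evaluated when the connecting address is on that user's list.
  # A user missing from either file forces the expansion to fail,
  # which the plaintext driver treats as an authentication failure.
  server_condition = ${if and{\
      {match_ip{$sender_host_address}\
               {${lookup{$2}lsearch{/etc/exim/auth_hosts}{$value}fail}}}\
      {crypteq{$3}{${lookup{$2}lsearch{/etc/exim/passwd}{$value}fail}}}\
    }{yes}{no}}
  server_set_id = $2
```

An unknown user, a host outside the user's list and a wrong password all end in the same authentication failure, so the reply does not tell a guessing client which check stopped it.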