Re: [exim] restricting access to AUTH check based on user's …

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Fred Viles
Datum:  
To: exim-users
Betreff: Re: [exim] restricting access to AUTH check based on user's IP
On 22 Apr 2005 at 10:28, Dave Lugo wrote about
    "Re: [exim] restricting access to AU":


|...
| > How do you expect to get the "user" if you want to restrict AUTH
| > by rDNS?
|
| Exactly! Is there a way to know the username, and check it against
| auth-hosts, *before* the password is checked?


If by username, you mean the username part of the AUTH credentials,
sure. If by username you mean the local_part of the sender address
(which isn't know until MAIL FROM), of course not.

|...
| My more
| recent reading of spec.txt suggests that acl_smtp_auth (or the
| authenticator itself) is likely the correct place to do what I'd
| like.


The authenticator itself is the only spot, if you want the
authentication to fail. The credentials are not available in the
acl_smtp_auth ACL - it runs before the credentials have even been
sent in most cases.

You want to get creative in the expansion of server_secret in your
CRAM-MD5 authenticator, and server_condidtion in your PLAIN/LOGIN
authenticators. At that point the username credential is available
in $1 or $2, and you can use it in a ${if to see if you want to
accept it from the client host, and fail the expansion if not.

- Fred