On Wed, 23 Nov 2005, Martin Nicholas wrote:
> The example in the Exim 4.50 documentation (Chap: 37.1) contains the
> "Unknown User/Empty Password" security hole.
>
> It should read like this:
> > spa:
> > driver = spa
> > public_name = NTLM
> > ${lookup{$1}lsearch{/etc/exim/spa_clearpass}{$value}fail}
>
> Note the addition of "{$value}fail"
Thanks for taking time to point this out; however it was noticed before,
and has been corrected in the 4.60 documentation, which is currently
available for checking along with the 4.60 Release Candidate in the
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/
FTP directory.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
