Hello,
I just found some strange lines in my logs:
2006-04-28 16:50:52 1FZUJ0-0001pq-6S <= pouch@??? H=(ii) [222.183.147.213] P=esmtpa A=login:0 S=3376
~~~~~~~~~
2006-04-28 16:50:54 1FZUJ0-0001pq-6S => qtom@??? R=amavis T=amavis H=eth1.tigger.schlittermann.de [212.80.235.129]
2006-04-28 16:50:54 1FZUJ0-0001pq-6S Completed
User '0' does not exist here.
I just wanted to ask you help me finding the bug. But I found it
myself. Now I'm just posting it because I hope that I'm not the only
stupid one ;-) and at the end you'll find a question.
Here's my login authenticator (part of it, in reality there's a longer
condition). I've to have a clear text password file.
# login authentication using a clear text password file
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}
server_set_id = $1
If there's an unknown user and an empty password this authenticator
*will* succeed! Now I changed it a little bit:
server_condition = ${if eq{PLAIN\:$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}
(and of course my password file as well containing lines like 'user:PLAIN:xxx'
My question: Is there a more elegant solution? In this case here it
would be enough if failing lseach could about the complete condition.
Which chapter in TFM I'm missing?
Best regards from Dresden
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -