Re: [exim] Abused as spam relay with A=login:0 ??

Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [exim] Abused as spam relay with A=login:0 ??
Heiko Schlittermann <hs@???> wrote:
[...]
>    # login authentication using a clear text password file
>    login:
>      driver = plaintext
>      public_name = LOGIN
>      server_prompts = Username:: : Password::
>      server_condition = ${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}
>      server_set_id = $1


> If there's an unknown user and an empty password this authenticator
> *will* succeed! Now I changed it a little bit:


>      server_condition = ${if eq{PLAIN\:$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}


> (and of course my password file as well, containing lines like 'user:PLAIN:xxx')


> My question: Is there a more elegant solution? In this case here it
> would be enough if failing lsearch could abort the complete condition.

[...]

Won't this
${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}fail}}{yes}{no}}
work or alternatively
${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}{supersecretstring}}}{yes}{no}}

cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde
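
Why the unknown user with an empty password gets through, and how each rewritten condition in this thread behaves, modelled in Python as an added example (not part of either poster's message and not Exim code). The password entries and function names are constructed for illustration, and the lsearch model only handles colon-separated lines.

```python
# Model of the server_condition variants discussed in this thread.
# All account data below is constructed sample input.
PASSWD = "# constructed sample /etc/exim4/passwd\nalice: s3cret\nbob:hunter2\n"
PASSWD_TAGGED = "alice:PLAIN:s3cret\nbob:PLAIN:hunter2\n"


def lsearch(key, text):
    """Return the value stored for key, or None when the key is absent."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if name.strip() == key:
            return value.strip()
    return None


def original(user, pw):
    # ${lookup{$1}lsearch{file}} with no failure string: a miss expands to "",
    # so eq{$2}{...} compares the supplied password against the empty string.
    return pw == (lsearch(user, PASSWD) or "")


def tagged(user, pw):
    # eq{PLAIN\:$2}{...}: "PLAIN:" + pw can never equal the "" of a miss.
    return "PLAIN:" + pw == (lsearch(user, PASSWD_TAGGED) or "")


def with_fail(user, pw):
    # {$value}fail: a miss forces the expansion to fail, which the
    # authenticator treats as a failed authentication.
    value = lsearch(user, PASSWD)
    if value is None:
        return False
    return pw == value


def with_sentinel(user, pw, sentinel="supersecretstring"):
    # {$value}{sentinel}: a miss expands to the sentinel instead of "".
    # The sentinel must be a string no client can guess, because a supplied
    # password equal to it still matches for an unknown user.
    value = lsearch(user, PASSWD)
    return pw == (sentinel if value is None else value)
```
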