Re: [exim] Abused as spam relay with A=login:0 ??

Author: Andreas Metzler
Date:
To: exim-users
Subject: Re: [exim] Abused as spam relay with A=login:0 ??
Heiko Schlittermann <hs@???> wrote:
[...]
>    # login authentication using a clear text password file
>    login:
>      driver = plaintext
>      public_name = LOGIN
>      server_prompts = Username:: : Password::
>      server_condition = ${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}
>      server_set_id = $1


> If there's an unknown user and an empty password this authenticator
> *will* succeed! Now I changed it a little bit:


>      server_condition = ${if eq{PLAIN\:$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}


> (and of course my password file as well containing lines like 'user:PLAIN:xxx')


> My question: Is there a more elegant solution? In this case here it
> would be enough if failing lsearch could abort the complete condition.

[...]

Won't this
${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}fail}}{yes}{no}}
work or alternatively
${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}{supersecretstring}}}{yes}{no}}

cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde
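
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Exim code: a small Python model of the four `server_condition` variants. The password data, user names and function names are constructed for illustration; the model assumes only that a failed `${lookup}` with no failure string expands to the empty string and that `fail` forces the expansion, and therefore the authentication, to fail.

```python
# Model of the thread's server_condition variants; not Exim code.
# Mirrors two Exim expansion rules: a failed ${lookup} with no failure
# string yields "", and the word "fail" forces the expansion to fail.

PASSWD = "alice: s3cret\nbob: hunter2\n"                 # constructed sample
PASSWD_TAGGED = "alice: PLAIN:s3cret\nbob: PLAIN:hunter2\n"  # constructed sample


class ForcedFailure(Exception):
    """Stands in for Exim's forced expansion failure."""


def lsearch(key, text, on_miss=""):
    """Return the data for key from 'key: data' lines, else on_miss."""
    for line in text.splitlines():
        name, sep, data = line.partition(":")
        if sep and name.strip() == key:
            return data.strip()
    if on_miss is ForcedFailure:
        raise ForcedFailure(key)
    return on_miss


def original(user, pw):      # eq{$2}{${lookup{$1}lsearch{...}}}
    return pw == lsearch(user, PASSWD)


def tagged(user, pw):        # eq{PLAIN\:$2}{...} with 'user:PLAIN:xxx' lines
    return "PLAIN:" + pw == lsearch(user, PASSWD_TAGGED)


def forced_fail(user, pw):   # ...{$value}fail
    try:
        return pw == lsearch(user, PASSWD, on_miss=ForcedFailure)
    except ForcedFailure:
        return False         # Exim treats forced failure as a failed login


def sentinel(user, pw):      # ...{$value}{supersecretstring}
    return pw == lsearch(user, PASSWD, on_miss="supersecretstring")


def accepts(check):
    """Map each constructed (user, password) attempt to the check's verdict."""
    attempts = [("alice", "s3cret"), ("alice", ""), ("nosuchuser", "")]
    return {a: check(*a) for a in attempts}


if __name__ == "__main__":
    for check in (original, tagged, forced_fail, sentinel):
        print(f"{check.__name__:12}", accepts(check))
```

In the last variant the fallback string is what `$2` is compared against for every name missing from the file, so it has to be a value no client can guess.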