Re: [exim] Abused as spam relay with A=login:0 ??

Author: Andreas Metzler
Date:
To: exim-users
Subject: Re: [exim] Abused as spam relay with A=login:0 ??
Heiko Schlittermann <hs@???> wrote:
[...]
>    # login authentication using a clear text password file
>    login:
>      driver = plaintext
>      public_name = LOGIN
>      server_prompts = Username:: : Password::
>      server_condition = ${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}
>      server_set_id = $1


> If there's an unknown user and an empty password this authenticator
> *will* succeed! Now I changed it a little bit:


>      server_condition = ${if eq{PLAIN\:$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}


> (and of course my password file as well containing lines like 'user:PLAIN:xxx')


> My question: Is there a more elegant solution? In this case here it
> would be enough if failing lsearch could abort the complete condition.

[...]

Won't this
${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}fail}}{yes}{no}}
work or alternatively
${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}{supersecretstring}}}{yes}{no}}

cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde
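
The behaviour discussed in this thread, as a small Python model added for illustration (not part of the original messages and not Exim code): it compares the original server_condition, the PLAIN: prefix variant and the forced-failure variant on a lookup miss. The lsearch model is simplified (case-sensitive, no continuation lines), and the password files and user names are constructed samples.

```python
# Simplified model of the server_condition variants from this thread.
# Assumption: lsearch lines are "key:value" or "key value"; '#' starts a comment.

PASSWD = """\
# constructed sample password file
alice:wonderland
bob:builder
"""

PASSWD_PREFIXED = """\
alice:PLAIN:wonderland
bob:PLAIN:builder
"""

def lsearch(text, key):
    """Return the value stored for key, or None when the key is absent."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        for i, ch in enumerate(line):
            if ch == ":" or ch.isspace():
                k, v = line[:i], line[i + 1:].lstrip()
                break
        else:
            k, v = line, ""
        if k == key:
            return v
    return None

def original(user, password, db=PASSWD):
    # ${lookup{$1}lsearch{file}} expands to "" on a miss, so eq{""}{""} is true.
    looked_up = lsearch(db, user)
    return password == ("" if looked_up is None else looked_up)

def prefixed(user, password, db=PASSWD_PREFIXED):
    # eq{PLAIN\:$2}{lookup}: the left side is never empty, so a miss cannot match.
    looked_up = lsearch(db, user)
    return "PLAIN:" + password == ("" if looked_up is None else looked_up)

def forced_fail(user, password, db=PASSWD):
    # {$value}fail: a miss forces the expansion to fail, so authentication fails.
    looked_up = lsearch(db, user)
    if looked_up is None:
        return False
    return password == looked_up
```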