Re: [exim] Abused as spam relay with A=login:0 ??

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Heiko Schlittermann
Datum:  
To: exim-users
Betreff: Re: [exim] Abused as spam relay with A=login:0 ??
Andreas Metzler <eximusers@???> (Sa 29 Apr 2006 13:20:08 CEST):
> Heiko Schlittermann <hs@???> wrote:
> [...]
> >    # login authentication using a clear text password file
> >    login:
> >      driver = plaintext
> >      public_name = LOGIN
> >      server_prompts = Username:: : Password::
> >      server_condition = ${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}
> >      server_set_id = $1

>
> > If there's an unknown user and an empty password this authenticator
> > *will* succeed! Now I changed it a little bit:
>
> >      server_condition = ${if eq{PLAIN\:$2}{${lookup{$1}lsearch{/etc/exim4/passwd}}}{yes}{no}}

>
> > (and of course my password file as well containing lines like 'user:PLAIN:xxx'
>
> > My question: Is there a more elegant solution? In this case here it
> > would be enough if failing lseach could about the complete condition.
> [...]
>
> Won't this
> ${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}fail}{yes}{no}}


yes, with one more '}':
${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}fail}}{yes}{no}}

It's that I meant with 'failing lsearch could abort the complete
condition'.

> work or alternatively
> ${if eq{$2}{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}{supersecretstring}}{yes}{no}


Hm. Should work as well.


Thanks for your input. I was blind, obvisously.


    Best regards from Dresden
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -