[exim-dev] [Bug 512] New: [PATCH] Let client authentication …

Top Page
Delete this message
Reply to this message
Author: bug512
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 512] New: [PATCH] Let client authentication depend upon TLS being present
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

http://www.exim.org/bugzilla/show_bug.cgi?id=512

           Summary: [PATCH] Let client authentication depend upon TLS being
                    present
           Product: Exim
           Version: N/A
          Platform: Other
        OS/Version: All
            Status: NEW
          Keywords: work:tiny
          Severity: wishlist
          Priority: medium
         Component: SMTP Authentication
        AssignedTo: ph10@???
        ReportedBy: exim-dev@???
         QAContact: exim-dev@???



A man-in-the-middle attack could strip STARTTLS from the EHLO response codes.
If a cleartext authentication protocol is configured then this can leak
authentication credentials so that they can be sniffed.

I'll attach a patch which:
* adds "client_attempt_condition" as an analogue to
"server_advertise_condition"
* adds a new variable "connection_tls_cipher", only set during the smtp
transport
* does not include documentations because
* I suck
* I may have done this badly

My recollection is that a process performing outbound SMTP won't be re-used so
it's safe to "set and forget" a global variable in the way that this patch
does. This is what I've probably gotten wrong ...

Testing consisted of:
1: client_attempt_condition = ${if def:connection_tls_cipher}
2: send mail via GMail Submission (PLAIN)
3: client_attempt_condition = no
4: send another mail, see it blocked in queue; run "exim -d -qff" and verify
that no matching authenticator is found
5: restore client_attempt_condition
6: watch mail get sent out

Feedback welcome. Variable renames fully expected.

-Phil Pennock

--
Configure bugmail: http://www.exim.org/bugzilla/userprefs.cgi?tab=email