Re: [exim] cram config problem

Góra strony
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Dla: exim-users
Temat: Re: [exim] cram config problem
On 2010-12-04 10:06, Alexander Nagel wrote:
> The logfile section of one mail which looks quite normal except the
> A=cram authenticator:
>
> 2010-12-03 23:11:36 1POdqq-0005Dd-Lg<= notmylocale1@notmydomain1
> H=static-mum-XX.XXX.XXX.XX.YYYY.net.in (ZZZZ.com) [XX.XXX.XXX.XX]
> P=esmtpa A=cram: S=1541
> id=bffc0c4db7014b5f85f70fd3366406e2@5596f1f9ac9a4e95972a770a95afed48
> from<notmylocale1@notmydomain1> for notmylocale3@notmydomain3
> 2010-12-03 23:11:40 1POdqt-0005Dd-Lp<= notmylocale2@notmydomain2
> H=static-mum-XX.XXX.XXX.XX.YYY.net.in (ZZZZ.com) [XX.XXX.XX.XX] P=esmtpa
> A=cram: S=1420
> id=66f95d560e354a95905d29ba7a939ae3@266eba13b7e640dca0c0f1f0b0044aff
> from<notmylocale2@notmydomain2> for notmylocale3@notmydomain3
> 2010-12-03 23:11:40 1POdqq-0005Dd-Lg Completed QT=4s

[...]
> cram:
>           driver                  = cram_md5
>           public_name             = CRAM-MD5
>           server_secret           = ${lookup pgsql{PG_Q_AUTH_CRAMMD5}}
>           server_set_id           = $auth1


You should make the lookup return fail explicitly when pgsql returns no rows,
otherwise it just returns an empty string. server_secret needs an explicit fail
in order to fail the attempt at authorisation. See (e.g..)

http://exim.org/exim-html-4.69/doc/html/spec_html/ch35.html#SECID176

http://exim.org/exim-html-4.69/doc/html/spec_html/ch11.html#SECTexpop
( for ${lookup )


Something along the lines of
    server_secret = ${lookup pgsql{PG_Q_AUTH_CRAMMD5} {$value} fail}


What's happened is that your spammer has guessed, probably, a user name
which does not exist in your database - and then tried to AUTH with it
and any random password. Not hard, even for a really dumb spammer.

Cheers,
     Jeremy


PS: You're correct to be using the server config for the authenticator.
Client would be when you want to use AUTH when initiating SMTP
sessions to other servers.