Re: [exim] Stopping Bruteforceattacks

Author: Phil Pennock
Date:  
To: Cyborg
CC: exim-users
Subject: Re: [exim] Stopping Bruteforceattacks
On 2012-07-25 at 17:46 +0200, Cyborg wrote:
> Is there any variable which holds the "username" of the AUTH command IF
> the auth fails?


No, but if there's a use-case, file a feature request and it can be
added.

Note that from the Exim config language point of view, the ACL runs
before the authentication, and then parsing the auth request is a
per-auth-driver issue (and fundamentally has to be, as part of SASL).

Technically we _might_ be able to do something like have an
authenticator be able to associate one or two ACLs with it, one to be
run on success, one to be run on failure, named something like
on_success, on_failure.

At present, you could hack that up for the auth succeeded case, using
the server_set_id case and the ACL expansion logic in git head (and will
be part of the next release).

  plain:
    driver = plaintext
    ...
    server_on_success = expanded string
    server_on_failure = expanded string

and then use the new ACL tests in those, leaving the parsed authnid and
authzid available in $auth1/$auth2, temporarily even for
server_on_failure. Discard the results. At present, just replace
"server_on_success" with "server_set_id" and make sure the final result
is the identifier for the user.

-Phil