Re: [exim] Stopping Bruteforceattacks

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Phil Pennock
Date:  
À: Cyborg
CC: exim-users
Sujet: Re: [exim] Stopping Bruteforceattacks
On 2012-07-25 at 17:46 +0200, Cyborg wrote:
> Is there any variable, which holds the "username" of the AUTH command IF
> the auth fails ?


No, but if there's a use-case, file a feature request and it can be
added.

Note that from the Exim config language point of view, the ACL runs
before the authentication, and then parsing the auth request is a
per-auth-driver issue (and fundamentally has to be, as part of SASL).

Technically we _might_ be able to do something like have an
authenticator be able to associate one or two ACLs with it, one to be
run on success, one to be run on failure, named something like
on_success, on_failure.

At present, you could hack that up for the auth succeeded case, using
the server_set_id case and the ACL expansion logic in git head (and will
be part of the next release).

plain:
driver = plaintext
...
server_on_success = expanded string
server_on_failure = expanded string

and then use the new ACL tests in those, leaving the parsed authnid and
authzid available in $auth1/$auth2, temporarily even for
server_on_failure. Discard the results. At present, just replace
"server_on_success" with "server_set_id" and make sure the final result
is the identifier for the user.

-Phil