Re: [exim] Authentication Failure Question

Top Page
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: Marc Perkel
CC: exim-users
Subject: Re: [exim] Authentication Failure Question
Marc, go read the pages that Lena wrote. In it are the ACL stanzas you need.

...Todd

On Thu, Jun 6, 2013 at 8:24 AM, Marc Perkel <marc@???> wrote:
> I need to set a variable
>
> set acl_m_auth_failed = true
>
> If authentication fails. How do I do that?
>
>
> On 6/6/2013 8:06 AM, Dean Brooks wrote:
>>
>> Unlike routers, authenticators don't "do" anything. They simply describe
>> a configuration for that type of authentication.
>>
>> To do something on a failed login, you have to use ACL configurations
>> as described by others.
>>
>> --
>> Dean Brooks
>> dean@???
>>
>> On Thu, Jun 06, 2013 at 07:49:09AM -0700, Marc Perkel wrote:
>>>
>>> Here are my authenticators:
>>>
>>> dovecot_plain:
>>>    driver = dovecot
>>>    public_name = PLAIN
>>>    server_socket = /var/run/dovecot/auth-client
>>>    server_set_id = $auth1

>>>
>>> dovecot_login:
>>>    driver = dovecot
>>>    public_name = LOGIN
>>>    server_socket = /var/run/dovecot/auth-client
>>>    server_set_id = $auth1

>>>
>>> How would I add something like server_condition that would let me do
>>> something on a failed login?
>>>
>>>
>>>
>>> On 6/5/2013 11:01 AM, Dave Restall - System Administrator,,, wrote:
>>>>
>>>> Hi Marc,
>>>>
>>>>> Is there a way for an ACL to do something on authentication failure?
>>>>> I'm
>>>>> trying to trap the IP addresses of hackers trying to guess passwords.
>>>>>
>>>>> Thanks in advance
>>>>
>>>> Have a look at acl_smtp_auth. I also use an extended or condition on
>>>> the authentication :-
>>>>
>>>> ....
>>>>
>>>>         server_condition                =       ${if or
>>>> {${authenticated_lookup} {${perl{Run_A_PERL_SCRIPT_HERE}}}}}

>>>>
>>>> My actual condition is a bit more complicated but the above serves
>>>> to illustrate.
>>>>
>>>> It basically says if the authenticated lookup succeeds, then continue
>>>> if it fails then run the perl script. You can then do the processing
>>>> with the perl script - I use it to count failed attempts and log them
>>>> to a file - it could quite easily be used to firewall IP addresses etc.
>>>>
>>>> Typical old fashioned shell script short circuit.
>>>>
>>>> Regards,
>>>>
>>>>
>>>>
>>>>
>>>> D
>>>> lists/exim/users/2013-06-05.tx
>>>> exim-users
>>>>
>>>> +----------------------------------------------------------------------------+
>>>> | Dave Restall, Computer Anorak, Geek, Cyclist, Radio Amateur G4FCU,
>>>> Bodger  |
>>>> | Mob +44 (0) 7973 831245      Skype: dave.restall             Radio:
>>>> G4FCU  |
>>>> | email : dave@???  - Anti-SocialMediaist -  Web : Not Ready Yet
>>>> :-( |

>>>>
>>>> +----------------------------------------------------------------------------+
>>>> | Q:    What do you call a half-dozen Indians with Asian flu?  A:
>>>> |
>>>> | Six sick Sikhs (sic).
>>>> |

>>>>
>>>> +----------------------------------------------------------------------------+
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>>> ## Exim details at http://www.exim.org/
>>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>>
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/




--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine