Re: [exim] Authentication Failure Question

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: Todd Lyons
CC: exim-users
Subject: Re: [exim] Authentication Failure Question
Except that it's not what I can use.

On 6/6/2013 9:50 AM, Todd Lyons wrote:
> Marc, go read the pages that Lena wrote. In it are the ACL stanzas you need.
>
> ...Todd
>
> On Thu, Jun 6, 2013 at 8:24 AM, Marc Perkel <marc@???> wrote:
>> I need to set a variable
>>
>> set acl_m_auth_failed = true
>>
>> If authentication fails. How do I do that?
>>
>>
>> On 6/6/2013 8:06 AM, Dean Brooks wrote:
>>> Unlike routers, authenticators don't "do" anything. They simply describe
>>> a configuration for that type of authentication.
>>>
>>> To do something on a failed login, you have to use ACL configurations
>>> as described by others.
>>>
>>> --
>>> Dean Brooks
>>> dean@???
>>>
>>> On Thu, Jun 06, 2013 at 07:49:09AM -0700, Marc Perkel wrote:
>>>> Here are my authenticators:
>>>>
>>>> dovecot_plain:
>>>>     driver = dovecot
>>>>     public_name = PLAIN
>>>>     server_socket = /var/run/dovecot/auth-client
>>>>     server_set_id = $auth1

>>>>
>>>> dovecot_login:
>>>>     driver = dovecot
>>>>     public_name = LOGIN
>>>>     server_socket = /var/run/dovecot/auth-client
>>>>     server_set_id = $auth1

>>>>
>>>> How would I add something like server_condition that would let me do
>>>> something on a failed login?
>>>>
>>>>
>>>>
>>>> On 6/5/2013 11:01 AM, Dave Restall - System Administrator,,, wrote:
>>>>> Hi Marc,
>>>>>
>>>>>> Is there a way for an ACL to do something on authentication failure?
>>>>>> I'm
>>>>>> trying to trap the IP addresses of hackers trying to guess passwords.
>>>>>>
>>>>>> Thanks in advance
>>>>> Have a look at acl_smtp_auth. I also use an extended or condition on
>>>>> the authentication :-
>>>>>
>>>>> ....
>>>>>
>>>>>          server_condition                =       ${if or
>>>>> {${authenticated_lookup} {${perl{Run_A_PERL_SCRIPT_HERE}}}}}

>>>>>
>>>>> My actual condition is a bit more complicated but the above serves
>>>>> to illustrate.
>>>>>
>>>>> It basically says if the authenticated lookup succeeds, then continue
>>>>> if it fails then run the perl script. You can then do the processing
>>>>> with the perl script - I use it to count failed attempts and log them
>>>>> to a file - it could quite easily be used to firewall IP addresses etc.
>>>>>
>>>>> Typical old fashioned shell script short circuit.
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> D
>>>>> lists/exim/users/2013-06-05.tx
>>>>> exim-users
>>>>>
>>>>> +----------------------------------------------------------------------------+
>>>>> | Dave Restall, Computer Anorak, Geek, Cyclist, Radio Amateur G4FCU,
>>>>> Bodger  |
>>>>> | Mob +44 (0) 7973 831245      Skype: dave.restall             Radio:
>>>>> G4FCU  |
>>>>> | email : dave@???  - Anti-SocialMediaist -  Web : Not Ready Yet
>>>>> :-( |

>>>>>
>>>>> +----------------------------------------------------------------------------+
>>>>> | Q:    What do you call a half-dozen Indians with Asian flu?  A:
>>>>> |
>>>>> | Six sick Sikhs (sic).
>>>>> |

>>>>>
>>>>> +----------------------------------------------------------------------------+
>>>>>
>>>>>
>>>>>
>>>>>
>>>> --
>>>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>>>> ## Exim details at http://www.exim.org/
>>>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>>>
>>
>> --
>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>