Re: [exim] Is this an authentication bog?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Phil Pennock
Date:  
À: Marc Perkel
CC: exim-users@exim.org >> Exim-users
Sujet: Re: [exim] Is this an authentication bog?
On 2013-06-06 at 11:23 -0700, Marc Perkel wrote:
> The ACL condition
>
> authenticated = *
>
> Includes failed authentications


The "authenticated" rule matches against the name of the authenticator
which succeeded. This is a string under your control. It is the string
exposed to Exim's string expansion language as
$sender_host_authenticated.

The C variable is set in one of three ways:
* -oMaa on the command-line
* came in from the spool file (so mail is recorded as having a given
value)
* an authenticator reported success

I suggest logging, after that passes:
Auth=$sender_host_authenticated Fail=$authentication_failed Id=$authenticated_id

This should help you narrow down where you have an authenticator that is
passing, even if you're doing something peculiar, such as having the
authenticator pass but then trying to reject the result in an ACL
instead of in a "condition" rule on the authenticator.

Authentication pass/failure is at the authenticator level, not at the
level of the ACL plumbed into acl_smtp_auth. Is it possible that you've
defined an ACL connected to acl_smtp_auth and have it rejecting the
command? If so, you'll need to set an ACL variable recording this fact
and check that, not just "authenticated = *", in your later ACLs.

-Phil