Re: [exim-dev] Remembering failed login id

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Geraint Edwards
Datum:  
To: exim-dev
Betreff: Re: [exim-dev] Remembering failed login id
Todd Lyons <tlyons@???> said
        (on Thu, Sep 12, 2013 at 11:47:22AM -0700):

> 2013-09-12 18:05:37 plain authenticator failed for tlyons.ivenue.net
> (tlyons) [192.168.100.166]: 535 Incorrect authentication data
> (set_id=me2@???)


You may have thought of this, but a note of caution:
if the user has accidentally put the password in the username field,
or perhaps the client/server are out of sync, you might be logging a plaintext password.

How about logging a hash of the potential username instead, e.g., in your log_message/logwrite:

    ${hmac{sha1}{seekrit}{$authenticated_fail_id}}


If you need to lookup those hashes, you could use something like:

    for username in user1@dom user2@dom user3@dom; do
        exim -be '${hmac{sha1}{seekrit}{'$username'}}'
    done


That way, you'll only find your usernames: passwords remain obscured.

Just a thought.

--
Geraint Edwards (aka "Gedge")