Re: [exim] Assistance with authenticator syntax, please.

Author: Todd Lyons
Date:  
To: nick
CC: exim-users
Subject: Re: [exim] Assistance with authenticator syntax, please.
On Wed, Oct 30, 2013 at 5:35 AM, nick <xelp@???> wrote:
> It allows any user in the LDAP tree to do smtp-auth and I am suffering from
> spam-by-smtpauth as many of the user passwords
> are insufficiently robust and/or the users have their password stolen by
> malware.
> I would very much like to fix this.
>
> The current authenticator:
>
>    plain:
>        driver= plaintext
>        public_name = PLAIN
>        server_condition = ${if ldapauth \
>    {user="cn=${quote_ldap_dn:$2},o=southover,c=uk" \
>           pass=${quote:$3} \
>           ldap://ldap.southover.net/}{yes}{no}}
>        server_set_id=$2

>
> In the LDAP tree there is to be an attribute 'smtpauth' which is set TRUE or
> FALSE by our control panel.
> But I am unable to figure out the correct syntax required in the plaintext
> authenticator - exim just barfs with my every feeble attempt.
>
> I would like to do something like this:
>
> server_condition = if
>                         #check the smtpauth flag for TRUE
>                                 lookup
> ldap{ldap:///o=southover,c=uk?mail?sub? (&
> (cn=${quote_ldap_dn:$1})(smtpauth=${quote_ldap:TRUE}))}
>                     and
>                         #can this user do ldapauth:
> ldapauth{user="cn=${quote_ldap_dn:$1},o=southover,c=uk" pass=${quote:$2}
> ldap://ldap.southover.net/}


Be mindful of which variables you are using in which authenticator.
In the top one, $2 is the email address and $3 is the submitted
password. In your attempts to check the smtpauth flag, you're using
$1 and $2. For the PLAIN authenticator, you use $2 and $3. For the
LOGIN authenticator, you use $1 and $2.

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
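
Added example, not part of the message above and not Exim code: a short Python decoder showing why the numbering differs. A PLAIN client sends one response with three NUL-separated fields (the first, the authorization identity, is usually empty), while LOGIN sends the user name and password as separate responses. The function names and credentials are constructed for illustration, and the strict three-field check follows RFC 4616 rather than mirroring Exim's own parser.

```python
import base64
import binascii


def _b64(text):
    """Decode one base64 SASL response, rejecting malformed input."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("response is not valid base64") from exc


def plain_vars(response):
    """AUTH PLAIN: a single response, authzid NUL authcid NUL password."""
    fields = _b64(response).split(b"\x00")
    if len(fields) != 3:  # strictness chosen for this example (RFC 4616)
        raise ValueError("PLAIN needs exactly three NUL-separated fields")
    # Field n becomes $n, so the login name is $2 and the password is $3.
    return {f"${n}": f.decode("utf-8") for n, f in enumerate(fields, 1)}


def login_vars(responses):
    """AUTH LOGIN: one response per server prompt (user name, then password)."""
    if len(responses) != 2:
        raise ValueError("LOGIN expects a user name and a password response")
    # Response n becomes $n, so the login name is $1 and the password is $2.
    return {f"${n}": _b64(r).decode("utf-8") for n, r in enumerate(responses, 1)}


# Constructed sample credentials, encoded the way a client would send them.
USER, PASSWORD = "alice", "constructed-pw"
SAMPLE_PLAIN = base64.b64encode(f"\0{USER}\0{PASSWORD}".encode()).decode()
SAMPLE_LOGIN = [base64.b64encode(s.encode()).decode() for s in (USER, PASSWORD)]

if __name__ == "__main__":
    print("PLAIN:", plain_vars(SAMPLE_PLAIN))
    print("LOGIN:", login_vars(SAMPLE_LOGIN))
```

An expression written for one mechanism and pasted into the other therefore tests the wrong field: under PLAIN, `$1` is the normally empty authorization identity and `$2` is the login name, not the password.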