Re: [exim] Assistance with authenticator syntax, please.

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: nick
Data:  
Para: Todd Lyons
CC: exim-users
Assunto: Re: [exim] Assistance with authenticator syntax, please.
On 31/10/13 12:27, Todd Lyons wrote:
> On Wed, Oct 30, 2013 at 5:35 AM, nick <xelp@???> wrote:
>> It allows any user the LDAP tree do do smtp-auth and I am suffering from
>> spam-by-smtpauth as many of the user passwords
>> are insufficiently robust and/or the users have their password stolen by
>> malware.
>> I would very much like to fix this.
>>
>> The current authenticator:
>>
>>     plain:
>>         driver= plaintext
>>         public_name = PLAIN
>>         server_condition = ${if ldapauth \
>>     {user="cn=${quote_ldap_dn:$2},o=southover,c=uk" \
>>            pass=${quote:$3} \
>>            ldap://ldap.southover.net/}{yes}{no}}
>>         server_set_id=$2

>>
>> In the LDAP tree there is to be an attribute 'smtpauth' which is set TRUE or
>> FALSE by our control panel.
>> But I am unable to figure out the correct syntax required in the plaintext
>> authenticator - exim just barfs with my every feeble attempt.
>>
>> I would like to do something like this:
>>
>> server_condition = if
>>                          #check the smtpauth flag for TRUE
>>                                  lookup
>> ldap{ldap:///o=southover,c=uk?mail?sub? (&
>> (cn=${quote_ldap_dn:$1})(smtpauth=${quote_ldap:TRUE}))}
>>                      and
>>                          #can this user do ldapauth:
>> ldapauth{user="cn=${quote_ldap_dn:$1},o=southover,c=uk" pass=${quote:$2}
>> ldap://ldap.southover.net/}
> Be mindful of which variables you are using in which authenticator.
> In the top one, $2 is the email address and $3 is the submitted
> password.  In your attempts to check the smtpauth flag, you're using
> $1 and $2.  For the PLAIN authenticator, you use $2 and $3.  For the
> LOGIN authenticator, you use $1 and $2.

>
> ...Todd


Thanks for spotting my mistake Todd - I must have cut'n'pasted from the
wrong authenticator.
You have probably saved me an afternoon of head scratching..
n.