Re: [exim] How to ban some authenticated users?

Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] How to ban some authenticated users?
* on the Fri, Mar 07, 2014 at 11:34:04AM +0000, Jasen Betts wrote:

>> https://github.com/mikecardwell/EximPhishReplyBuster
>>
>> It's a tool that I wrote for Exim which prevents people from sending
>> their passwords to other people via email. I blogged about it here:
>
> It should be possible to extend that to also work with CRAM-MD5 as
> in that case exim already knows the password.


True. But if you're using verified SSL during mail submission (which you
should be), CRAM-MD5 doesn't give you anything useful. In fact it makes
matters worse by requiring the server to know the plain text password,
instead of just being able to store a hash of it. I can't imagine a
situation where I would ever use CRAM-MD5.

-- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4
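
The storage trade-off discussed in the message above, as an added example that is not part of the original post or of Exim: the server side of CRAM-MD5 must key an HMAC with the password itself, while a plaintext login sent over verified TLS can be checked against a salted hash. The user name, password, challenge string and PBKDF2 parameters are constructed for illustration.

```python
import base64, hashlib, hmac, os

def cram_md5_response(user, password, challenge):
    """Client side: HMAC-MD5 of the server challenge, keyed with the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def cram_md5_verify(secrets, challenge, response):
    """Server side: recomputing the HMAC needs the password itself as the key."""
    user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    key = secrets.get(user)
    if key is None:
        return False
    expected = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def hash_password(password, salt):
    """Salted one-way hash, the only thing a PLAIN-over-TLS server has to store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def plain_verify(hashes, user, password):
    """AUTH PLAIN over verified TLS: hash what arrived, compare to the stored hash."""
    entry = hashes.get(user)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(hash_password(password, salt), stored)

def demo():
    user, password = "alice", "correct horse"          # constructed credentials
    challenge = b"<1896.697170952@mail.example.org>"   # constructed challenge
    salt = os.urandom(16)
    plaintext_db = {user: password.encode()}            # what CRAM-MD5 requires
    hashed_db = {user: (salt, hash_password(password, salt))}
    response = cram_md5_response(user, password, challenge)
    return {
        # Works only because the server holds the plain text password.
        "cram_with_plaintext_store": cram_md5_verify(plaintext_db, challenge, response),
        # A server holding only the hash cannot reproduce the client's HMAC.
        "cram_with_hash_store": cram_md5_verify({user: hashed_db[user][1]}, challenge, response),
        # The same hash-only store is enough to check a password sent inside TLS.
        "plain_with_hash_store": plain_verify(hashed_db, user, password),
    }

if __name__ == "__main__":
    print(demo())
```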