Re: [exim] Unstoppable spam

Página Inicial
Delete this message
Reply to this message
Autor: Odhiambo Washington
Data:  
Para: exim users
Assunto: Re: [exim] Unstoppable spam
On Tue, 24 Sep 2019 at 14:43, Cyborg via Exim-users <exim-users@???>
wrote:

> Am 24.09.19 um 11:07 schrieb Odhiambo Washington via Exim-users:
> > 2019-09-23 19:05:01 1iCQpf-0002zI-7B <= benson.kuria@???
> > H=([127.0.0.1]) [5.61.42.174] I=[41.57.X.X]:587 P=esmtpsa
> > X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no
> > A=plain:benson.kuria@??? S=153471 id=4d95a1b3-5c91-471
> > e-5b9e-f8fe7aa1cd9b@??? T="Your order ?5634 is ready for the
> > transporting" from <benson.kuria@???> for
> > daniel.owino@???
>
> To answere you question, yes, it uses plaintext auth and yes, it looks
> like you auth is broken.
>
> I think you wanne have "POPbeforeSMTP" , which is a old mechanism to
> authenticate someone for SMTP.
>
> Better activate SMTP-AUTH.
>


I have ASMTP active, as you might have seen from the headers.


> Any client will support it, even OUTLOOK will do.
>
> The exim default config (for Fedora) has this to offer:
>
>
> # LOGIN authentication has traditional prompts and responses. There is no
> # authorization ID in this mechanism, so unlike PLAIN the username and
> # password are $auth1 and $auth2. Apart from that you can use the same
> # server_condition setting for both authenticators.
>
> LOGIN:
>   driver                     = plaintext
>   server_set_id              = $auth1
>   server_prompts             = <| Username: | Password:
>   server_condition           = ${if saslauthd{{$1}{$2}{smtp}} {1}}
>   server_advertise_condition = *

>
>
> Depending where you dovecot auths against, it may work directly.
>
> If it's a dabase, you may wanne use this:
>
> LOGIN:
>  driver                     = plaintext
>  server_set_id = $1
>  server_prompts             = <| Username: | Password:
>  server_condition = "${if and { \
>                       {!eq{$2}{}} \
>                       {eq{1}{${lookup mysql{SELECT '1' FROM users WHERE
> user = '${quote_mysql:${local_part:$1}}' and passwort =
> password('${quote_mysql:$2}') }{$value}fail}} }} {yes}{no}}"
>  server_advertise_condition = *

>
> (dont forget to enable a database connection first)
>
> Check you dovecot for the used auth mechanism, it seems to be faulty



I am using the dovecot authentication as spelt here:

https://wiki.dovecot.org/HowTo/EximAndDovecotSASL

And I don't think it is broken.



> or
> your attacker has access to you mailboxes and get the password anythime
> you set a new one.
>


No possible because my passwords are encrypted, not plaintext.

Thanks for helping me think it out.


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)