Author: Mike Tubby Date: To: exim users Subject: [exim] Dovecot style Authentication Policy Server for Exim?
All,
Dovecot IMAP/POP3 server has a built-in Authentication Policy sub-system
whereby it can make a web-services call to an Authentication Policy
Server:
1. command: on connect, before authentication
2. command: on connect, after authentication
3. report: on final outcome of policy + authentication
It would be "really good"(tm) if Exim could implement a similar
concept/service/API as it would allow me to leverage GEOIP against
possible attackers of some (protected) services and report back in to a
common database of failed connections for (a) GEOIP policy or (b)
username/password authentication failure.
In the above I have changed the usernames/domain names to protect the
innocent, however the IP addresses and country codes are real. The last
two columns are booleans and are "auth success" and "country policy rejected".
While this log is for Dovecot, it would be really good (tm) if Exim
could make similar call outs to an Authentication Policy Server, perhaps
passing:
1. Remote IP address (IPv4/IPv6)
2. If the session is plain-text or upgraded to SSL/TLS
3. Which SSL/TLS Cipher is in use
4. The username presented at start of auth
5. Some sort of hash of the password presented at auth - like
Dovecot does
Has anyone implemented a Dovecot-a-like authentication policy server
for Exim
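
The policy-server side of the call-outs described in the message above, as an added example that is not part of the original post and is not Dovecot's or Exim's own code. The request field names (`remote`, `tls`, `username`, `pwhash`), the country table, the allowed-country list, the failure threshold and the hash scheme are all assumptions made for illustration.

```python
import hashlib
import ipaddress

# Constructed sample data: documentation networks with made-up country codes.
GEO = {ipaddress.ip_network("192.0.2.0/24"): "AA",
       ipaddress.ip_network("2001:db8::/32"): "BB"}
ALLOWED_COUNTRIES = {"AA"}   # example policy, not taken from the post
MAX_DISTINCT_FAILURES = 3    # example threshold

def pwhash(nonce, username, password):
    """Truncated salted hash so the server can tell guesses apart without
    seeing passwords (hypothetical scheme, not Dovecot's exact format)."""
    data = nonce + username.encode() + b"\0" + password.encode()
    return hashlib.sha256(data).hexdigest()[:6]

def country(remote):
    """Map an IPv4/IPv6 address to a country code, or None if unknown."""
    ip = ipaddress.ip_address(remote)
    for net, cc in GEO.items():
        if ip.version == net.version and ip in net:
            return cc
    return None

class PolicyServer:
    def __init__(self):
        self.failed = {}  # remote IP -> set of distinct failed pwhashes
        self.log = []     # shared record of final outcomes

    def allow(self, req):
        """Command: called on connect, before and after authentication."""
        if not req["tls"]:
            return False, "plaintext session"
        if country(req["remote"]) not in ALLOWED_COUNTRIES:
            return False, "country policy"
        if len(self.failed.get(req["remote"], ())) >= MAX_DISTINCT_FAILURES:
            return False, "too many failed passwords"
        return True, "ok"

    def report(self, req, auth_success, policy_reject):
        """Report: final outcome of policy + authentication."""
        if auth_success:
            self.failed.pop(req["remote"], None)
        elif not policy_reject:
            # A client retrying one stale password counts once, not N times.
            self.failed.setdefault(req["remote"], set()).add(req["pwhash"])
        self.log.append((req["remote"], country(req["remote"]),
                         req["username"], auth_success, policy_reject))
```

Counting distinct password hashes rather than raw failures keeps a misconfigured client with one stale password from being locked out, while a source trying many different passwords still reaches the threshold.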