Mike Tubby via Exim-users <exim-users@???> (Tue 17 Mar 2020 01:51:55 CET):
> All,
>
> Dovecot IMAP/POP3 server has a built-in Authentication Policy sub-system
> whereby it can make a web-services call to an Authentication Policy
> Server:
>
> 1. command: on connect, before authentication
> 2. command: on connect, after authentication
> 3. report: on final outcome of policy + authentication
>
> It would be "really good"(tm) if Exim could implement a similar
> concept/service/API as it would allow me to leverage GEOIP against possible
> attackers of some (protected) services and report back in to a common
> database of failed connections for (a) GEOIP policy or (b) username/password

Maybe I'm missing the point, but something *like* this comes into my
mind immediately: (at least as POC it should be ok)

    PLAIN:
      driver = plaintext
      server_condition = ${perl{do_auth}{$auth1}{$auth2}{$sender_host_address}}

And provide a Perl subroutine do_auth, that does the actual
authentication.

But then, of course, you've to implement the actual auth in the perl
function.

Maybe even that would work, but I'm not sure if we're flexible enough
with the ACL

    begin acl
    acl_auth:
      require = <pre-auth>
      require = <auth>
      require = <report>
      accept

    begin authenticators
    PLAIN:
      driver = plaintext
      server_condition = acl_auth

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
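
An added sketch of the do_auth subroutine suggested in the reply above (not Heiko's code and not part of Exim), chaining the three steps from the quoted request: policy before authentication, the credential check, and a report of the outcome. The country table, credential table, threshold and helper names are constructed for illustration; the file is assumed to be loaded through Exim's perl_startup option.

```perl
use strict;
use warnings;

# Constructed sample data; a real deployment would query its own backends.
my %ALLOWED_CC = map { $_ => 1 } qw(DE GB);            # assumed GeoIP policy
my %GEO  = ('192.0.2.' => 'DE', '198.51.100.' => 'GB', '203.0.113.' => 'ZZ');
my %USER = (alice => 'correct horse battery staple');  # stand-in credential store
my $MAX_FAILS = 3;                                     # assumed lockout threshold
# Exim runs one process per connection, so this hash only counts failures
# within that connection; shared state needs an external database.
my %fails;

# Hypothetical GeoIP lookup: maps a /24 prefix to a country code.
sub country_of {
    my ($ip) = @_;
    my ($prefix) = $ip =~ /^(\d+\.\d+\.\d+\.)\d+$/ or return 'ZZ';
    return $GEO{$prefix} // 'ZZ';
}

# Step 1: policy before authentication (country and failure count).
sub pre_auth {
    my ($ip) = @_;
    return 0 unless $ALLOWED_CC{ country_of($ip) };
    return 0 if ($fails{$ip} // 0) >= $MAX_FAILS;
    return 1;
}

# Step 2: the actual credential check (plain comparison as a stand-in).
sub check_password {
    my ($user, $pass) = @_;
    return defined $USER{$user} && $USER{$user} eq $pass ? 1 : 0;
}

# Step 3: report the final outcome so later pre_auth calls can use it.
sub report {
    my ($ip, $ok) = @_;
    if ($ok) { delete $fails{$ip} } else { $fails{$ip}++ }
}

# Entry point for ${perl{do_auth}{user}{password}{$sender_host_address}}.
# Returns "1" or "0", which server_condition treats as true or false.
sub do_auth {
    my ($user, $pass, $ip) = @_;
    my $ok = pre_auth($ip) && check_password($user // '', $pass // '');
    report($ip, $ok);
    return $ok ? '1' : '0';
}

# Demo on constructed input when run directly rather than loaded by Exim.
unless (caller) {
    print do_auth(@$_), "\n" for ['alice', 'wrong', '192.0.2.7'],
        ['alice', 'correct horse battery staple', '192.0.2.7'],
        ['alice', 'correct horse battery staple', '203.0.113.9'];
}
1;
```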