[exim] auth disclosure on auth rejects in logfiles

Author: Cyborg
Date:  
To: exim-users
Subject: [exim] auth disclosure on auth rejects in logfiles
Exim: 4.94-1  Fedora 32 Build

Hi,

I just found out that exim logs the auth credentials in case they get
rejected due to bruteforce rules:

2021-01-25 10:15:47 H=<HOSTNAME> (EHLO STRING) [IP ADDRESS]
X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no rejected AUTH PLAIN
BASE64STRING : authentication is allowed only once per message in order
to slow down bruteforce cracking

This config part:

acl_check_auth:
  drop  message = authentication is allowed only once per message in order \
                  to slow down bruteforce cracking
        set acl_m_auth = ${eval10:0$acl_m_auth+1}
        condition = ${if >{$acl_m_auth}{2}}
        delay = 22s


I don't see a good reason to print that info into the log, as in the
case I found, the mail client just made a mistake and it was not an
attacker.

best regards,
Marius
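As an added example (not from the post and not Exim's own code), a small Python audit script for the exposure described above: it redacts the base64 argument that Exim writes after "rejected AUTH PLAIN" and reports which logins actually had a credential pair land in the log, so those accounts can be rotated. The log lines, host names and the credential are constructed samples.

```python
import base64
import binascii
import re

# Log line shape quoted in the post: the token after "rejected AUTH PLAIN "
# is the client's base64 argument (constructed regex, not from Exim).
AUTH_PLAIN_RE = re.compile(r"(rejected AUTH PLAIN )(\S+)")

# Constructed sample: fake mailbox and fake wrong password, encoded the way a
# client sends SASL PLAIN (RFC 4616: authzid NUL authcid NUL passwd).
SAMPLE_TOKEN = base64.b64encode(b"\x00alice@example.invalid\x00wrong-pass").decode()
SAMPLE_LOG = [
    "2021-01-25 10:15:47 H=mua.example.invalid (mua) [192.0.2.10] "
    "X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no rejected AUTH PLAIN "
    + SAMPLE_TOKEN + " : authentication is allowed only once per message",
    "2021-01-25 10:15:48 H=mua.example.invalid (mua) [192.0.2.10] "
    "rejected AUTH PLAIN BASE64STRING : authentication is allowed only once",
    "2021-01-25 10:16:02 1l4abc-0001Ab-Cd <= bob@example.invalid P=esmtps",
]


def plain_authcid(token):
    """Return the authcid (login name) if token decodes to a SASL PLAIN
    triple, else None. The password is decoded but never returned."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return None
    return parts[1].decode("utf-8", "replace")


def redact_line(line):
    """Blank the AUTH PLAIN argument; the rest of the line stays intact."""
    return AUTH_PLAIN_RE.sub(r"\1[REDACTED]", line)


def audit_log(lines):
    """Redact every logged AUTH PLAIN argument and list the logins whose
    real credential pair was written to the log."""
    redacted, exposed = [], []
    for line in lines:
        m = AUTH_PLAIN_RE.search(line)
        if m:
            user = plain_authcid(m.group(2))
            if user is not None:
                exposed.append(user)
        redacted.append(redact_line(line))
    return redacted, exposed
```

The second sample line shows why the decode check matters: a token that is valid base64 but not a NUL-separated triple (a placeholder, a garbled argument) is still redacted but not reported as an exposed login.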