Re: [exim] auth disclosure on auth rejects in logfiles

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Andrew C Aitchison
Datum:  
To: Cyborg
CC: exim-users
Betreff: Re: [exim] auth disclosure on auth rejects in logfiles

On Mon, 25 Jan 2021, Cyborg via Exim-users wrote:

> Exim: 4.94-1  Fedora 32 Build
>
> I just found out that exim logs the authcredentials in case they get rejected
> due to bruteforce rules:
>
> 2021-01-25 10:15:47 H=<HOSTNAME> (EHLO STRING) [IP ADDRESS]
> X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no rejected AUTH PLAIN BASE64STRING :
> authentication is allowed only once per message in order to slow down
> bruteforce cracking
>
> This config part:
>
> acl_check_auth:
>   drop  message = authentication is allowed only once per message in order \
>                   to slow down bruteforce cracking
>         set acl_m_auth = ${eval10:0$acl_m_auth+1}
>         condition = ${if >{$acl_m_auth}{2}}
>         delay = 22s
>
> I don't see a good reason to print that info into the log, as in the case I
> found, the mailclient just made a mistake and it was not an attacker.


I don't see that message in the exim source.

Is it something added by Fedora ?

-- 
Andrew C. Aitchison                    Kendal, UK
             andrew@???