Re: [exim] auth disclosure on auth rejects in logfiles

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] auth disclosure on auth rejects in logfiles
On 25/01/2021 10:36, Cyborg via Exim-users wrote:
> 2021-01-25 10:15:47 H=<HOSTNAME> (EHLO STRING) [IP ADDRESS] X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no rejected AUTH PLAIN BASE64STRING : authentication is allowed only once per message in order to slow down bruteforce cracking
>
> This config part:
>
> acl_check_auth:
>   drop  message = authentication is allowed only once per message in order \
>                   to slow down bruteforce cracking


> I don't see a good reason to print that info into the log, as in the case I found, the mailclient just made a mistake and it was not an attacker.


We do avoid logging the equivalent on outgoing... I guess that case was more obviously
"our" sensitive info. I agree this could do with attention.
--
Cheers,
Jeremy