Autor: Jeremy Harris Datum: To: exim-users Betreff: Re: [exim] auth disclosure on auth rejects in logfiles
On 25/01/2021 10:36, Cyborg via Exim-users wrote: > 2021-01-25 10:15:47 H=<HOSTNAME> (EHLO STRING) [IP ADDRESS] X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no rejected AUTH PLAIN BASE64STRING : authentication is allowed only once per message in order to slow down bruteforce cracking
>
> This config part:
>
> acl_check_auth:
> drop message = authentication is allowed only once per message in order \
> to slow down bruteforce cracking > I don't see a good reason to print that info into the log, as in the case I found, the mailclient just made a mistake and it was not an attacker.
We do avoid logging the equivalent on outgoing... I guess that case was more obviously
"our" sensitive info. I agree this could do with attention.
--
Cheers,
Jeremy