Re: [exim] auth disclosure on auth rejects in logfiles

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] auth disclosure on auth rejects in logfiles
On 25/01/2021 10:36, Cyborg via Exim-users wrote:
> 2021-01-25 10:15:47 H=<HOSTNAME> (EHLO STRING) [IP ADDRESS] X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no rejected AUTH PLAIN BASE64STRING : authentication is allowed only once per message in order to slow down bruteforce cracking
>
> This config part:
>
> acl_check_auth:
>   drop  message = authentication is allowed only once per message in order \
>                   to slow down bruteforce cracking
> I don't see a good reason to print that info into the log, as in the case I found, the mailclient just made a mistake and it was not an attacker.
We do avoid logging the equivalent on outgoing... I guess that case was more obviously
"our" sensitive info. I agree this could do with attention.
--
Cheers,
Jeremy
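The log line quoted above carries the client's base64 AUTH PLAIN response verbatim, which is the credential itself (SASL PLAIN is authzid NUL authcid NUL password, base64-encoded). Until the logging is changed in Exim, a defender can at least scrub the token at log-collection time. The following is an added example, not part of this thread or of Exim; the log lines and the username/password inside the sample token are constructed, and the regex assumes the `rejected AUTH PLAIN <token>` layout shown in the quoted line.

```python
import base64
import binascii
import re

# Token following "rejected AUTH PLAIN" (or LOGIN) in an Exim reject line,
# i.e. the client's base64 SASL response. Layout assumed from the quoted log.
AUTH_TOKEN_RE = re.compile(r"(rejected AUTH (?:PLAIN|LOGIN) )([A-Za-z0-9+/=]+)")


def looks_like_plain_credentials(token: str) -> bool:
    """True if the token base64-decodes to the SASL PLAIN layout
    authzid NUL authcid NUL password (RFC 4616), i.e. exactly two NUL bytes.
    The decoded content is never returned, only its shape."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    return raw.count(b"\x00") == 2


def redact_auth_line(line: str) -> str:
    """Replace the base64 auth token in a rejected-AUTH log line with a marker
    that keeps the length and whether it had the shape of PLAIN credentials."""
    def _sub(m: re.Match) -> str:
        kind = "credentials" if looks_like_plain_credentials(m.group(2)) else "data"
        return f"{m.group(1)}<redacted {len(m.group(2))}-char base64 {kind}>"
    return AUTH_TOKEN_RE.sub(_sub, line, count=1)


def redact_log(lines):
    """Scrub every line; lines without an AUTH token pass through unchanged."""
    return [redact_auth_line(line) for line in lines]


# Constructed sample: a PLAIN response for user "alice" with password "s3cret".
SAMPLE_TOKEN = base64.b64encode(b"\x00alice\x00s3cret").decode()

# Constructed log lines modelled on the one quoted in the thread.
SAMPLE_LOG = [
    "2021-01-25 10:15:47 H=(client.example) [192.0.2.10] X=TLS1.3:TLS_AES_128_GCM_SHA256:128 "
    f"CV=no rejected AUTH PLAIN {SAMPLE_TOKEN} : authentication is allowed only once per message",
    "2021-01-25 10:15:48 H=(client.example) [192.0.2.10] Warning: unusual line, nothing to scrub",
]

if __name__ == "__main__":
    for out in redact_log(SAMPLE_LOG):
        print(out)
```

Run it as a filter in front of whatever ships mainlog to a SIEM; the marker keeps enough to count brute-force attempts per host without retaining the secret.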