Re: [exim] Exim relaying but shouldn't

Author: Eric Grammatico
Date:  
To: exim-users
Subject: Re: [exim] Exim relaying but shouldn't

On 28/09/2022 at 14:48, Slavko via Exim-users wrote:
> On 26 September 2022 at 18:05:32 UTC, Eric Grammatico via Exim-users <exim-users@???> wrote:
>
>> 2022-09-26 16:15:24 [10] 1ocotI-00000A-0g <= #xxxyyyy'uuss+zzz@??? H=(localhost) [45.123.190.53] P=esmtpsa X=TLS1.2:AES256-GCM-SHA384:256 CV=no A=login_server:#xxxyyyy'uuss+zzz S=736
> ...
>
>> login_server:
>>   driver                     = plaintext
>>   public_name                = LOGIN
>>   server_condition = ${run{/bin/sh -c "echo -e '$auth1\n$auth2' | /usr/sbin/pwauth"}{1}{0}}
>>   server_set_id              = $auth1
>>   server_prompts             = <| Username: | Password:
>> Looks like the user #xxxyyyy'uuss+zzz is authenticated, but for sure it doesn't exist in my /etc/passwd, nor in /etc/shadow
> Did you try to pass that user to your script with random password?

Yep, and auth is refused.
>
> Did you try to pass that server_condition expansion through exim -be with
> that user?

Nope, I will.
>
> Anyway, passing user input to a script is not safe; notice that the login name
> contains the apostrophe char, which breaks your quoting, dunno how
> it is interpreted... Why do you not use the pam{} expansion?

I'm in Docker, I'll investigate in that direction. Thanks.
>
> regards
>
>


Thank you Slavko.


As an immediate fix I added the following to my exim.conf:

  drop    message     = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"\n\n\
                        The return address you are using for this email message <$sender_address> \
                        does not seem to be a working account.
          log_message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"
          !hosts      = +no_verify
          !verify     = sender/callout=2m,defer_ok
          condition   = ${if eq{recipient}{$sender_verify_failure}}

  # "senders" matches the whole address, so "@" must not be in the character
  # class (it would match every sender); the restricted characters are looked
  # for in the local part only.
  deny    message     = Restricted characters in sender address
          domains     = +local_domains
          senders     = ^[#] : ^[.] : ^[^@]*[%!/|#+]

  deny    message     = Restricted characters in sender address
          domains     = !+local_domains
          senders     = ^[#] : ^[.] : ^[^@]*[%!/|#+]

Hopefully that'll give me some time while I fix the LOGIN issue.

Thanks and regards

--
_/) Eric.
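A shell-free version of the LOGIN authenticator, added here as an example that is not part of the original post or of Eric's configuration: it takes up Slavko's pam{} suggestion and puts a username sanity check in front of it, so $auth1 and $auth2 are never interpolated into a command line. It assumes Exim was built with SUPPORT_PAM and that the container has a PAM stack Exim can authenticate against; the username pattern is an assumption to adapt to the site's account naming.

```conf
# Added example (not the original poster's config): LOGIN authenticator that
# validates the username and then authenticates through PAM instead of piping
# $auth1/$auth2 through /bin/sh. Assumes Exim built with SUPPORT_PAM and a
# working PAM stack in the container; the username regex is an assumption.
login_server:
  driver           = plaintext
  public_name      = LOGIN
  server_prompts   = <| Username: | Password:
  # 1. Accept only plain account names (no quotes, '#', '+', spaces, ...).
  #    \N...\N keeps the regex out of string expansion.
  # 2. pam{} takes a colon-separated "user:password" list, so any colon in
  #    the password is doubled with sg{}; nothing is handed to a shell.
  server_condition = ${if and{{match{$auth1}{\N^[a-z_][a-z0-9_-]*$\N}}\
                              {pam{$auth1:${sg{$auth2}{:}{::}}}}}{yes}{no}}
  server_set_id    = $auth1
```

With the match{} in front, a login such as the one in the quoted log line never reaches the PAM call at all, and the failed attempt still shows up in the usual authenticator logging.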