[exim] Re: Problem with LDAP authenticator

Inizio della pagina
Delete this message
Reply to this message
Autore: Pierre Filippone
Data:  
To: Jeremy Harris
CC: exim-users
Oggetto: [exim] Re: Problem with LDAP authenticator
On Sun, 9 Jul 2023 at 15:22, Jeremy Harris via Exim-users
<exim-users@???> wrote:
>
> On 06/07/2023 15:44, Pierre Filippone via Exim-users wrote:
> > 2023-07-05 14:47:36 tainted search query is not properly quoted (ACL
> > accept, /etc/exim/exim.conf 461): user="uid=xyz,dc=example,dc=co

m"
> > pass="cleartextpassword"
> > ldaps:///dc=example,dc=com?uid?sub?(&(uid=xyz)(mail=*))
>
> The clue is in the log line:
>
> "ACL accept, /etc/exim/exim.conf 461".
>
> It's not your authenticator, it's an expansion in an ACL.


OK. I understand now that this is caused by the smtp_connect ACL:

acl_smtp_connect=acl_connect
....

begin acl
acl_connect:
   warn         control = dkim_disable_verify
   deny         hosts = net-lsearch;REJECTFILE
                   message = "Connection rejected: $host_data"


   accept       hosts = :
                hosts = 10.0.0.0/8


   accept       hosts = !net-lsearch;REJECTFILE



But this still leaves me pretty clueless.....

Does it mean that the authentication would be logged, even if the
query was not "tainted"?
Or could I prevent logging by somehow untainting it ?

Thanks,
    Pierre


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/