
List:       exim-users
Subject:    Re: [exim] Unstoppable spam
From:       Odhiambo Washington via Exim-users <exim-users () exim ! org>
Date:       2019-09-24 12:04:48
Message-ID: CAAdA2WOFhYxtCdfarYe64oQGfC3bjxAMhBfDOFuD57DFVm2kMw () mail ! gmail ! com

On Tue, 24 Sep 2019 at 14:43, Cyborg via Exim-users <exim-users@exim.org>
wrote:

> On 24.09.19 at 11:07, Odhiambo Washington via Exim-users wrote:
> > 2019-09-23 19:05:01 1iCQpf-0002zI-7B <= benson.kuria@ourdomain.tld
> > H=([127.0.0.1]) [5.61.42.174] I=[41.57.X.X]:587 P=esmtpsa
> > X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no
> > A=plain:benson.kuria@ourdomain.tld S=153471 id=4d95a1b3-5c91-471
> > e-5b9e-f8fe7aa1cd9b@ourdomain.tld T="Your order ?5634 is ready for the
> > transporting" from <benson.kuria@ourdomain.tld> for
> > daniel.owino@ourdomain.tld
>
> To answer your question, yes, it uses plaintext auth and yes, it looks
> like your auth is broken.
>
> I think you want to have "POPbeforeSMTP", which is an old mechanism to
> authenticate someone for SMTP.
>
> Better activate SMTP-AUTH.
>

I have ASMTP active, as you might have seen from the headers.


> Any client will support it, even OUTLOOK will do.
>
> The exim default config (for Fedora) has this to offer:
>
>
> # LOGIN authentication has traditional prompts and responses. There is no
> # authorization ID in this mechanism, so unlike PLAIN the username and
> # password are $auth1 and $auth2. Apart from that you can use the same
> # server_condition setting for both authenticators.
>
> LOGIN:
>   driver                     = plaintext
>   server_set_id              = $auth1
>   server_prompts             = <| Username: | Password:
>   server_condition           = ${if saslauthd{{$1}{$2}{smtp}} {1}}
>   server_advertise_condition = *
>
>
> Depending where you dovecot auths against, it may work directly.
>
> If it's a database, you may want to use this:
>
> LOGIN:
>  driver                     = plaintext
>  server_set_id = $1
>  server_prompts             = <| Username: | Password:
>  server_condition = "${if and { \
>                       {!eq{$2}{}} \
>                       {eq{1}{${lookup mysql{SELECT '1' FROM users WHERE \
>                         user = '${quote_mysql:${local_part:$1}}' and passwort = \
>                         password('${quote_mysql:$2}') }{$value}fail}} }} {yes}{no}}"
>  server_advertise_condition = *
>
> (don't forget to enable a database connection first)
>
> Check your dovecot for the used auth mechanism, it seems to be faulty


I am using the dovecot authentication as spelt here:

https://wiki.dovecot.org/HowTo/EximAndDovecotSASL

And I don't think it is broken.



> or
> your attacker has access to your mailboxes and gets the password anytime
> you set a new one.
>

Not possible because my passwords are encrypted, not plaintext.

Thanks for helping me think it out.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
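
A way to check the Exim main log for the pattern in the quoted entry (an authenticated submission that announces a `[127.0.0.1]` HELO from a remote address), as an added example that is not part of the original message. It assumes the `<=` line layout shown in the thread; every sample line except the first is constructed, and the names `summarise`, `suspicious` and the `max_ips` threshold are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# First line: the entry quoted in the thread (id= and T= fields dropped).
# Remaining lines are constructed, using documentation-range addresses.
SAMPLE_LOG = """\
2019-09-23 19:05:01 1iCQpf-0002zI-7B <= benson.kuria@ourdomain.tld H=([127.0.0.1]) [5.61.42.174] I=[41.57.X.X]:587 P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no A=plain:benson.kuria@ourdomain.tld S=153471 for daniel.owino@ourdomain.tld
2019-09-23 19:06:12 1iCQq0-0002zJ-00 <= benson.kuria@ourdomain.tld H=([127.0.0.1]) [198.51.100.7] I=[41.57.X.X]:587 P=esmtpsa CV=no A=plain:benson.kuria@ourdomain.tld S=153480 for daniel.owino@ourdomain.tld
2019-09-23 19:07:30 1iCQq1-0002zK-01 <= alice@ourdomain.tld H=(laptop) [192.0.2.10] I=[41.57.X.X]:587 P=esmtpsa CV=no A=plain:alice@ourdomain.tld S=2048 for bob@ourdomain.tld
2019-09-23 19:08:00 1iCQq2-0002zL-02 <= someone@example.org H=mx.example.org [203.0.113.5] I=[41.57.X.X]:25 P=esmtps S=1500 for bob@ourdomain.tld
2019-09-23 19:08:01 1iCQq2-0002zL-02 => bob <bob@ourdomain.tld> R=localuser T=local_delivery
"""

# Arrival line carrying an A=<authenticator>:<id> field.
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<id>\S+) <= (?P<sender>\S+) "
    r"H=(?P<helo>.*?) \[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)? "
    r".*?\bA=(?P<mech>[^:\s]+):(?P<auth_id>\S+)"
)

def summarise(log_text):
    """Per authenticated id: message count, source IPs, loopback-HELO count."""
    stats = defaultdict(lambda: {"messages": 0, "ips": set(), "loopback_helo": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # delivery line or unauthenticated arrival
        entry = stats[m["auth_id"]]
        entry["messages"] += 1
        entry["ips"].add(m["ip"])
        # HELO claims loopback while the peer address is not loopback.
        if "127.0.0.1" in m["helo"] and not ip_address(m["ip"]).is_loopback:
            entry["loopback_helo"] += 1
    return dict(stats)

def suspicious(stats, max_ips=2):
    """Ids seen from more than max_ips addresses or with a loopback HELO."""
    return sorted(a for a, s in stats.items()
                  if len(s["ips"]) > max_ips or s["loopback_helo"])

if __name__ == "__main__":
    for auth_id in suspicious(summarise(SAMPLE_LOG)):
        print("review account:", auth_id)
```
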