Marc, go read the pages that Lena wrote. In it are the ACL stanzas you need.
...Todd On Thu, Jun 6, 2013 at 8:24 AM, Marc Perkel <[email protected]> wrote: > I need to set a variable > > set acl_m_auth_failed = true > > If authentication fails. How do I do that? > > > On 6/6/2013 8:06 AM, Dean Brooks wrote: >> >> Unlike routers, authenticators don't "do" anything. They simply describe >> a configuration for that type of authentication. >> >> To do something on a failed login, you have to use ACL configurations >> as described by others. >> >> -- >> Dean Brooks >> [email protected] >> >> On Thu, Jun 06, 2013 at 07:49:09AM -0700, Marc Perkel wrote: >>> >>> Here are my authenticators: >>> >>> dovecot_plain: >>> driver = dovecot >>> public_name = PLAIN >>> server_socket = /var/run/dovecot/auth-client >>> server_set_id = $auth1 >>> >>> dovecot_login: >>> driver = dovecot >>> public_name = LOGIN >>> server_socket = /var/run/dovecot/auth-client >>> server_set_id = $auth1 >>> >>> How would I add something like server_condition that would let me do >>> something on a failed login? >>> >>> >>> >>> On 6/5/2013 11:01 AM, Dave Restall - System Administrator,,, wrote: >>>> >>>> Hi Marc, >>>> >>>>> Is there a way for an ACL to do something on authentication failure? >>>>> I'm >>>>> trying to trap the IP addresses of hackers trying to guess passwords. >>>>> >>>>> Thanks in advance >>>> >>>> Have a look at acl_smtp_auth. I also use an extended or condition on >>>> the authentication :- >>>> >>>> .... >>>> >>>> server_condition = ${if or >>>> {${authenticated_lookup} {${perl{Run_A_PERL_SCRIPT_HERE}}}}} >>>> >>>> My actual condition is a bit more complicated but the above serves >>>> to illustrate. >>>> >>>> It basically says if the authenticated lookup succeeds, then continue >>>> if it fails then run the perl script. You can then do the processing >>>> with the perl script - I use it to count failed attempts and log them >>>> to a file - it could quite easily be used to firewall IP addresses etc. >>>> >>>> Typical old fashioned shell script short circuit. >>>> >>>> Regards, >>>> >>>> >>>> >>>> >>>> D >>>> lists/exim/users/2013-06-05.tx >>>> exim-users >>>> >>>> +----------------------------------------------------------------------------+ >>>> | Dave Restall, Computer Anorak, Geek, Cyclist, Radio Amateur G4FCU, >>>> Bodger | >>>> | Mob +44 (0) 7973 831245 Skype: dave.restall Radio: >>>> G4FCU | >>>> | email : [email protected] - Anti-SocialMediaist - Web : Not Ready Yet >>>> :-( | >>>> >>>> +----------------------------------------------------------------------------+ >>>> | Q: What do you call a half-dozen Indians with Asian flu? A: >>>> | >>>> | Six sick Sikhs (sic). >>>> | >>>> >>>> +----------------------------------------------------------------------------+ >>>> >>>> >>>> >>>> >>> >>> -- >>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users >>> ## Exim details at http://www.exim.org/ >>> ## Please use the Wiki with this list - http://wiki.exim.org/ >>> > > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ -- The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
