On Wed, Oct 30, 2013 at 5:35 AM, nick <[email protected]> wrote:
> It allows any user in the LDAP tree to do smtp-auth and I am suffering from
> spam-by-smtpauth as many of the user passwords
> are insufficiently robust and/or the users have their password stolen by
> malware.
> I would very much like to fix this.
>
> The current authenticator:
>
> plain:
> driver= plaintext
> public_name = PLAIN
> server_condition = ${if ldapauth \
> {user="cn=${quote_ldap_dn:$2},o=southover,c=uk" \
> pass=${quote:$3} \
> ldap://ldap.southover.net/}{yes}{no}}
> server_set_id=$2
>
> In the LDAP tree there is to be an attribute 'smtpauth' which is set TRUE or
> FALSE by our control panel.
> But I am unable to figure out the correct syntax required in the plaintext
> authenticator - exim just barfs with my every feeble attempt.
>
> I would like to do something like this:
>
> server_condition = if
> #check the smtpauth flag for TRUE
> lookup
> ldap{ldap:///o=southover,c=uk?mail?sub? (&
> (cn=${quote_ldap_dn:$1})(smtpauth=${quote_ldap:TRUE}))}
> and
> #can this user do ldapauth:
> ldapauth{user="cn=${quote_ldap_dn:$1},o=southover,c=uk" pass=${quote:$2}
> ldap://ldap.southover.net/}

Be mindful of which variables you are using in which authenticator. In the top one, $2 is the email address and $3 is the submitted password. In your attempts to check the smtpauth flag, you're using $1 and $2. For the PLAIN authenticator, you use $2 and $3. For the LOGIN authenticator, you use $1 and $2.

...Todd
-- 
The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine
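
One way to combine the two checks in the PLAIN authenticator, using $2 and $3 as described in the reply above. This is an added example, not configuration posted by anyone in the thread, and it has not been run against this directory. It assumes the smtpauth attribute holds the literal string TRUE on the entry whose cn matches the login name, and that Exim's default bind is allowed to search under o=southover,c=uk.

```exim
# Added example: PLAIN authenticator that requires smtpauth=TRUE in LDAP
# before attempting the bind. For PLAIN, $2 is the login name and $3 is
# the password.
#
# The conditions inside and{...} are evaluated left to right and stop at
# the first failure:
#   1-2. defensive guard: refuse empty login names and empty passwords
#        before contacting the directory
#   3.   the lookup succeeds only if an entry matches both the cn and
#        smtpauth=TRUE; cn is requested only so that a match returns a
#        value. quote_ldap is the operator for values placed in a search
#        filter (quote_ldap_dn is for DNs).
#   4.   ldapauth binds as the user's DN with the submitted password
plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = ${if and{ \
      {!eq{$2}{}} \
      {!eq{$3}{}} \
      {eq{${lookup ldap{ldap://ldap.southover.net/o=southover,c=uk?cn?sub?(&(cn=${quote_ldap:$2})(smtpauth=TRUE))}{yes}{no}}}{yes}} \
      {ldapauth{user="cn=${quote_ldap_dn:$2},o=southover,c=uk" \
                pass=${quote:$3} \
                ldap://ldap.southover.net/}} \
    }{yes}{no}}
  server_set_id = $2
```

A LOGIN authenticator built the same way would use $1 and $2 in place of $2 and $3. The expansion can be checked with exim -be before reloading the configuration.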
