On 28/09/2022 at 14:48, Slavko via Exim-users wrote:
On 26 September 2022 18:05:32 UTC, Eric Grammatico via Exim-users <exim-users@exim.org> wrote:

2022-09-26 16:15:24 [10] 1ocotI-00000A-0g <= #xxxyyyy'uuss+...@grammatico.me H=(localhost) [45.123.190.53] P=esmtpsa X=TLS1.2:AES256-GCM-SHA384:256 CV=no A=login_server:#xxxyyyy'uuss+zzz S=736
...

login_server:
   driver                     = plaintext
   public_name                = LOGIN
   server_condition = ${run{/bin/sh -c "echo -e '$auth1\n$auth2' | /usr/sbin/pwauth"}{1}{0}}
   server_set_id              = $auth1
   server_prompts             = <| Username: | Password:
Looks like the user #xxxyyyy'uuss+zzz is authenticated, but for sure it doesn't 
exist in my /etc/passwd, neither /etc/shadow
Did you try to pass that user to your script with random password?
Yep, and auth is refused.

Did you try to pass that server_condition expansion through exim -be with
that user?
Nope, I will

Anyway, passing user input to a script is not safe; notice that the login name
contains the apostrophe char, which breaks your quotation, dunno how
it is interpreted... Why do you not use the pam{} expansion?
I'm in Docker, I'll investigate in that direction. Thanks.

regards



Thank you Slavko.


As an immediate fix I added the following in my exim.conf

  drop    message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"\n\n\
          The return address you are using for this email message <$sender_address>\
          does not seem to be a working account.
          log_message = REJECTED - Sender Verify Failed - error code \"$sender_verify_failure\"
          !hosts = +no_verify
          !verify = sender/callout=2m,defer_ok
          condition = ${if eq{recipient}{$sender_verify_failure}}

  deny    message       = Restricted characters in sender address
          domains       = +local_domains
          senders   = ^[#] : ^[.] : ^.*[@%!/|#+]

  deny    message       = Restricted characters in sender address
          domains       = !+local_domains
          senders   = ^[#] : ^[.] : ^.*[@%!/|#+]

Hopefully, that'll provide me with a delay while awaiting a fix for the LOGIN issue.

thx and reg

--
_/) Eric.


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
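
Added example, not part of the thread and not Exim's or pwauth's own code: a sketch of the point Slavko raises, checking a login/password pair with pwauth without building a shell command line, plus a scan of Exim main-log lines for accepted sessions whose authenticated id falls outside an allow-list. The function names, the allow-list and the second log line are assumptions made for illustration; how such a helper is wired into the Exim authenticator is left out.

```python
import re
import subprocess

# Allow-list for login names (assumed policy; adjust to your account naming).
SAFE_LOGIN = re.compile(r"[A-Za-z0-9._@-]{1,64}")
# Authenticator field of an Exim main-log arrival line: A=<name>:<id>
AUTH_FIELD = re.compile(r"\sA=([A-Za-z0-9_]+):(\S+)")

# Sample input: the first line is the arrival line quoted in the thread,
# the second is a constructed ordinary login for contrast.
SAMPLE_LOG = [
    "2022-09-26 16:15:24 [10] 1ocotI-00000A-0g <= #xxxyyyy'uuss+...@grammatico.me "
    "H=(localhost) [45.123.190.53] P=esmtpsa X=TLS1.2:AES256-GCM-SHA384:256 CV=no "
    "A=login_server:#xxxyyyy'uuss+zzz S=736",
    "2022-09-26 16:20:01 [11] 1ocoxx-00000B-1a <= alice@example.org "
    "H=(client) [192.0.2.10] P=esmtpsa X=TLS1.2:AES256-GCM-SHA384:256 CV=no "
    "A=login_server:alice S=512",
]

def check_password(login, password, pwauth="/usr/sbin/pwauth"):
    """Return True only if pwauth accepts the pair; no shell is involved."""
    # pwauth reads "login\npassword\n" on stdin, so a line break or NUL in
    # either field would change what it parses: refuse such input outright.
    if not SAFE_LOGIN.fullmatch(login) or re.search(r"[\r\n\0]", password):
        return False
    # argv is a list, so nothing in login or password is ever parsed as
    # shell syntax, and the password never appears on a command line.
    proc = subprocess.run([pwauth], input=f"{login}\n{password}\n".encode(),
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                          timeout=10)
    return proc.returncode == 0

def suspicious_auth_ids(log_lines):
    """Return (authenticator, id) for accepted sessions with an off-list id."""
    hits = []
    for line in log_lines:
        m = AUTH_FIELD.search(line)
        if m and not SAFE_LOGIN.fullmatch(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for name, ident in suspicious_auth_ids(SAMPLE_LOG):
        print(f"review: authenticator={name} id={ident!r}")
```

Running the scan over the full mainlog shows whether any other session was accepted under an id that could not belong to a real account.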