exim - unadvertised AUTH syntax

Issue #113 new
Former user created an issue


I've found two issues regarding this pattern. Firstly, if hostname resolving is off in exim, there is no hostname provided in parentheses in the logline.

Second, the error command "AUTH LOGIN" is case sensitive and an attacker can use lowercase/any-case "auth login" to bypass sshguard (this is hypothetical for now).

Example logline: 2019-04-17 01:15:17 SMTP protocol error in "auth login" H=(philae) [] AUTH command used when not advertised
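
A matcher that tolerates both variations reported above, as an added example (not part of the original issue and not sshguard's own parser). The regular expression, the function name, the `H=[addr]` form for the no-hostname case and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Hypothetical pattern, not taken from sshguard. "(?i:auth)" accepts the
# command in any case; the reverse-DNS name and the "(helo)" part in front of
# the bracketed address are both optional. The match is anchored at the end of
# the line because the quoted command is client-supplied text.
AUTH_UNADVERTISED = re.compile(
    r'SMTP protocol error in "(?i:auth)\b.*" '
    r'H=(?:[^\s()\[\]]+ )?(?:\([^)]*\) )?\[(?P<addr>[0-9A-Fa-f:.]+)\] '
    r'AUTH command used when not advertised\s*$'
)


def offending_address(line):
    """Return the normalized client address, or None if the line does not match."""
    m = AUTH_UNADVERTISED.search(line)
    if m is None:
        return None
    try:
        return str(ipaddress.ip_address(m.group("addr")))
    except ValueError:
        return None  # bracketed text was not a valid IPv4/IPv6 address


# Constructed sample lines (documentation addresses, not real log data).
TAIL = "AUTH command used when not advertised"
SAMPLES = [
    '2019-04-17 01:15:17 SMTP protocol error in "AUTH LOGIN" H=(philae) [192.0.2.10] ' + TAIL,
    '2019-04-17 01:15:18 SMTP protocol error in "auth login" H=(philae) [192.0.2.11] ' + TAIL,
    '2019-04-17 01:15:19 SMTP protocol error in "AuTh LoGiN" H=[192.0.2.12] ' + TAIL,
    '2019-04-17 01:15:20 SMTP protocol error in "auth login" H=mx.example (philae) [2001:db8::1] ' + TAIL,
    '2019-04-17 01:15:21 SMTP connection from [192.0.2.13] closed by QUIT',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(offending_address(sample), "<-", sample)
```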
