exim - unadvertised AUTH syntax
Issue #113
new
Hi,
I've found two issues regarding this pattern. Firstly, if hostname resolving is off in exim, there is no hostname provided in parenthesis in the logline.
Second, error command "AUTH LOGIN" is case sensitive and attacker can use lowercase/anycase "auth login" to bypass sshguard (this is hypothetical for now).
Example logline: 2019-04-17 01:15:17 SMTP protocol error in "auth login" H=(philae) [11.22.33.444] AUTH command used when not advertised
Comments (2)
-
-
- removed version
Removing version: 2.2 (automated comment)
- Log in to comment
Corrected example: 2019-04-17 01:15:17 SMTP protocol error in "auth login" H=[11.22.33.444] AUTH command used when not advertised