exim - unadvertised AUTH syntax

Create issue
Issue #113 new
Former user created an issue

Hi,

I've found two issues regarding this pattern. Firstly, if hostname resolving is off in exim, there is no hostname provided in parenthesis in the logline.

Second, error command "AUTH LOGIN" is case sensitive and attacker can use lowercase/anycase "auth login" to bypass sshguard (this is hypothetical for now).

Example logline: 2019-04-17 01:15:17 SMTP protocol error in "auth login" H=(philae) [11.22.33.444] AUTH command used when not advertised

Comments (2)

  1. Wojciech

    Corrected example: 2019-04-17 01:15:17 SMTP protocol error in "auth login" H=[11.22.33.444] AUTH command used when not advertised

  2. Log in to comment