alan milligan writes:
Hi Sam, Perhaps I wasn't clear about the no password set. This was done with passwd -d to remove; and passwd -l to lock it. It is not possible for anyone to escalate privilege to root. But as seen in the log; this is an external SMTP message, not one sent as root via an internal network. If the auth=root really *is* root, how *can* this user have authenticated??
Well, you are authenticating a root login. The attacker sends a request to authenticate as root, and some password. The authentication request succeeds. That's what's happening. That's it. You'll have to figure out why.
You say that you're using pam and ldap. Courier does not read the password file. It forwards the authentication request to pam or ldap. The authentication request succeeds. Why? Well, that's the mystery that needs to be solved.
courier-authlib has a debug setting to log all authentication requests. You should enable that, and look at the logs.
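An added example, not part of the original message or of Courier's own code: a small check of the authdaemonrc file that reports which authentication modules are enabled (the ones that could be accepting the root login) and whether authentication debug logging is on. It assumes the courier-authlib setting names `authmodulelist` and `DEBUG_LOGIN`; the file's location varies by installation, and the sample configuration is constructed.

```shell
#!/bin/sh
# audit_authdaemonrc FILE
# Prints "module <name>" for every entry in authmodulelist, then
# "debug_login <level>" and a note on what that level means.
audit_authdaemonrc() {
    rc=$1
    # Skip commented lines; if a setting is assigned twice, the last one wins.
    modules=$(sed -n 's/^[[:space:]]*authmodulelist=//p' "$rc" | tail -n 1 | tr -d "\"'")
    debug=$(sed -n 's/^[[:space:]]*DEBUG_LOGIN=//p' "$rc" | tail -n 1 | tr -d "\"'")
    debug=${debug:-0}

    # Each listed module is asked in turn; any of them may accept the login.
    for m in $modules; do
        echo "module $m"
    done

    echo "debug_login $debug"
    case $debug in
        0) echo "note: debug logging is off; set DEBUG_LOGIN=1 and restart authdaemond" ;;
        1) echo "note: authentication requests are being logged" ;;
        2) echo "warning: DEBUG_LOGIN=2 also logs passwords; revert after diagnosis" ;;
        *) echo "warning: unrecognised DEBUG_LOGIN value" ;;
    esac
}

# Constructed sample configuration (not taken from the poster's system).
sample_rc() {
    cat <<'EOF'
##NAME: authmodulelist:2
authmodulelist="authpam authldap"
#DEBUG_LOGIN=2
DEBUG_LOGIN=0
EOF
}

# Demonstration run against the constructed sample.
tmp=$(mktemp)
sample_rc > "$tmp"
audit_authdaemonrc "$tmp"
rm -f "$tmp"
```

On a real system, pass the path of the installed authdaemonrc instead of the sample file.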
------------------------------------------------------------------------------
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users