Author: Peter A. Friend
Date:
To: exim-users
Subject: Re: [Exim] /etc/passwd SMTP auth
On Sat, 10 Nov 2001, Oliver von Bueren wrote:
> The server_set_id is not needed, I use it to add a header to the
> messages which get in that way. If you like that too, just add the
> following to local_delivery and remote_smtp transports (must be on one
> line!):
> ---
> headers_add = ${if !eq {$authenticated_id}{} {X-Authenticated-Id: $authenticated_id} }
A number of people use a different return address on their email, and
would like to keep their real account name private. So to get around
this I wrote a lookup routine to provide encrypted data for the header.
The file argument is the password to use, and the lookup arg is
$authenticated_id. What is passed back is the username that was
authenticated with, along with timestamp and process information (to
prevent replay attacks) all blowfish encrypted. This was pretty easy to
do since openssl was already being linked in for the TLS stuff. It's
not intended to provide any sort of real security, but obscure the real
account in such a way that if we need to get that information later we
can.
And another comment. From the time I started looking at implementing
all this in Exim, I was able to write a custom lookup routine to query
our custom auth system in less than a week. Compare this with weeks of
dealing with sendmail bugs, poor design, and cyrus-sasl nightmares, and
sendmail still didn't work right. From a development standpoint, I am a
major Exim fan now.
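
An added sketch of the opaque-header idea described in the message above; it is not part of the original post and is not the author's lookup routine. It seals the authenticated id with a timestamp and pid under a site password so that only the operator can recover it later. Because the Python standard library has no Blowfish, it swaps in an HMAC-SHA256 keystream plus an integrity tag; the names seal_id and open_id and all sample values are hypothetical.

```python
import base64, hashlib, hmac, os, struct, time

NONCE, TAG, HDR = 12, 16, struct.Struct(">QI")  # sizes; (timestamp, pid) layout

def _keys(password: bytes):
    # Separate encryption and MAC keys derived from the one site password.
    return (hmac.new(password, b"enc", hashlib.sha256).digest(),
            hmac.new(password, b"mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as the keystream (stand-in for Blowfish).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_id(password: bytes, auth_id: str, now=None, pid=None) -> str:
    """Return an opaque header value hiding auth_id, timestamp and pid."""
    now = int(time.time()) if now is None else now
    pid = os.getpid() if pid is None else pid
    enc_key, mac_key = _keys(password)
    nonce = os.urandom(NONCE)  # makes every token unique and unlinkable
    ct = _xor_stream(enc_key, nonce, HDR.pack(now, pid) + auth_id.encode())
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG]
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def open_id(password: bytes, token: str):
    """Operator side: recover (auth_id, timestamp, pid) or raise ValueError."""
    raw = base64.urlsafe_b64decode(token)
    if len(raw) < NONCE + HDR.size + TAG:
        raise ValueError("token too short")
    nonce, ct, tag = raw[:NONCE], raw[NONCE:-TAG], raw[-TAG:]
    enc_key, mac_key = _keys(password)
    want = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG]
    if not hmac.compare_digest(tag, want):  # constant-time comparison
        raise ValueError("token was forged, altered, or sealed with another password")
    plain = _xor_stream(enc_key, nonce, ct)
    now, pid = HDR.unpack(plain[:HDR.size])
    return plain[HDR.size:].decode(), now, pid

if __name__ == "__main__":
    token = seal_id(b"constructed-site-password", "alice")  # constructed values
    print("X-Authenticated-Id:", token)
    print(open_id(b"constructed-site-password", token))
```

The integrity tag lets the operator reject a header that a sender forged or edited before relying on the recovered account name.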