[Exim] feature request: AUTH EXTERNAL (RFC2222 sec 7.4)

Author: Matt Bernstein
Date:  
To: exim-users
Subject: [Exim] feature request: AUTH EXTERNAL (RFC2222 sec 7.4)
This is something which (at least) Cyrus offers, so it'd be nice for
talking to lmtpd, but also rather nice for MTA-MTA conversations too.
(In our Dept an increasing number of people have more than one machine at
home, and have a mail relay on their internal networks, which might as
well point straight at our MTA what with its virus-checking etc..)

The implementation I'm thinking of is specific to server verification of
client SSL/TLS certificates (I'm guessing the id is the CN, but I haven't
looked into it in much depth.)

So.. you can avoid doing all that 'orrible spam-checking from your backup
MXes without too much clutter, because one of your first RCPT ACL checks
would say "accept authenticated = *", *and* our academics' mail from home
has the nice "P=asmtp"-ness about it, *but* they don't need a cleartext
copy of their password in their MTA configurations at home.

I know it's easy to use the ACLs to relay for verified certificates, but
the nicest way I can think of logging that that's why we relayed is
"P=asmtp A=external:my.CN"..

What do you think? Is it difficult to implement? Worth the bother?

Matt
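
The server-side decision described in the message, sketched as an added example; it is not part of the original message and is not Exim code. It assumes the identity is the certificate's CN (the message's own guess), SMTP AUTH reply codes as in RFC 4954, and a policy that a client may only act as its own CN. The function names and the sample certificate are hypothetical.

```python
import base64

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {"subject": ((("countryName", "GB"),),
                           (("commonName", "relay.home.example"),))}

def peer_cn(peercert):
    """Return the subject CN from a getpeercert() dict, or None."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def auth_external(arg, peercert, chain_verified):
    """Decide an 'AUTH EXTERNAL <arg>' command (hypothetical helper).

    arg is the initial response: "=" for an empty authorization identity,
    otherwise base64 of the identity the client asks to act as.
    Returns (smtp_reply, log_tag); log_tag is None when refused.
    """
    # EXTERNAL carries no secret: there is an identity only if the TLS
    # layer verified the client's certificate chain.
    cn = peer_cn(peercert) if chain_verified else None
    if cn is None:
        return "535 5.7.8 no verified client certificate", None
    # The CN ends up in a log line, so refuse values that could forge fields.
    if any(c.isspace() or not c.isprintable() for c in cn):
        return "535 5.7.8 unusable certificate name", None
    if arg == "=":
        authzid = ""
    else:
        try:
            authzid = base64.b64decode(arg, validate=True).decode("utf-8")
        except ValueError:  # bad base64 or bad UTF-8
            return "501 5.5.2 cannot decode initial response", None
    # Empty authzid: derive the identity from the external credentials.
    # Assumed policy: a client may act only as its own CN.
    if authzid not in ("", cn):
        return "535 5.7.8 not authorized as requested identity", None
    # Log tag in the form the message proposes.
    return "235 2.7.0 Authentication succeeded", "P=asmtp A=external:" + cn
```

The `chain_verified` flag must come from the TLS library's verification result, not from the mere presence of a certificate.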