At 17:20 -0000 Giuliano Gavazzi wrote:
>>Great! This will help with my AUTH EXTERNAL idea:
>>
>>The server can advertise the EXTERNAL mechanism (using the plaintext
>>authenticator) iff it has successfully verified a client certificate.
>
>wow, you *are* strict! You verify a client certificate *and* require
>authentication. Or perhaps you did not mean client certificate?

Not quite--iff the client cert verifies, the client can issue "AUTH
EXTERNAL" with an optional username (=CN of the client cert IIRC) but no
password.

It's relatively cosmetic, allowing "P=asmtp A=external:my.client.cert" in
your logs so something which might otherwise look like unwanted relaying
is explicable.

Matt

PS: 193.112.138.70 is in ORDB; see
http://ordb.org/ :)
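
The rule discussed in this message, sketched in Python as an added example (not part of the original post and not any mail server's own code): EXTERNAL is advertised only after a verified client certificate, and the optional username must equal the certificate CN. `TlsState`, the function names and the reply texts are assumptions; the log tag copies the fragment quoted above.

```python
import base64

class TlsState:
    """Constructed stand-in for the TLS session facts the server knows."""
    def __init__(self, cert_verified, peer_cn=None):
        self.cert_verified = cert_verified
        self.peer_cn = peer_cn

def ehlo_auth_mechanisms(tls, base=("PLAIN", "LOGIN")):
    # Advertise EXTERNAL iff a client certificate was verified.
    mechs = list(base)
    if tls is not None and tls.cert_verified:
        mechs.append("EXTERNAL")
    return mechs

def handle_auth_external(tls, line):
    """Return (smtp_reply, log_tag) for 'AUTH EXTERNAL <initial-response>'."""
    parts = line.split()
    if len(parts) not in (2, 3) or [p.upper() for p in parts[:2]] != ["AUTH", "EXTERNAL"]:
        return ("501 Syntax error in parameters", None)
    # Re-check the TLS state here: a client can send AUTH EXTERNAL
    # even when the mechanism was not advertised to it.
    if tls is None or not tls.cert_verified or not tls.peer_cn:
        return ("535 Authentication credentials invalid", None)
    if len(parts) == 2:
        # No initial response: empty challenge; continuation not modelled here.
        return ("334 ", None)
    if parts[2] == "=":            # "=" is the SMTP encoding of an empty response
        ident = ""
    else:
        try:
            ident = base64.b64decode(parts[2], validate=True).decode("utf-8")
        except ValueError:         # bad base64 or bad UTF-8
            return ("501 Cannot decode response", None)
    # The optional username must match the certificate CN; no password is involved.
    if ident and ident != tls.peer_cn:
        return ("535 Authentication credentials invalid", None)
    return ("235 Authentication succeeded", "P=asmtp A=external:" + tls.peer_cn)
```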