On Mon, 28 Jul 2003, David Saez wrote:
> > Yes, the client must successfully authenticate before Exim will trust
> > the value of AUTH on an SMTP MAIL command.
>
> Why not let some acl decide if it could be trusted or not ?
This code is essentially unchanged since Exim 3, which did not have
ACLs. So the answer to your question is "because I did not think of that
when ACLs were added to Exim".
I have put this on the Wish List. I suppose what is needed is something
like a "mailauth" ACL, which would default to
accept authenticated = *
for backwards compatibility.
> A way to set it from within a transport could be useful, at least if
> your proposal to Meng Weng Wong about using MAIL AUTH in SPF is
> accepted (at least it looks great to me).
1. There already is an authenticated_sender option for the smtp transport.
2. Meng Weng Wong tried to reply to me, but unfortunately the message
was sent from a different address and it got caught in my spam defences
because it wasn't on my white list. So I don't know the reaction to that
idea (which was just an idea that struck me - I do not intend to get
involved in designing SPF).
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
