[exim] [Patch supplied] Exim enhancement request.

Author: Dennis Davis
Date:  
To: exim-users
Subject: [exim] [Patch supplied] Exim enhancement request.
(Not sure if this is the right mailing list for this request. But
here goes...)

Anyone should feel free to shoot my ideas down in flames if they can
think of a better way of doing the following. Note I'd prefer not
to have exim authenticate as a client to achieve the same effect.
Although this is certainly an option.

I'd like to request an additional private option --
"force_local_authenticated" -- for the SMTP transport. This option
will be immediately useful in integrating exim with the Cyrus IMAP
server and may be of more general use. The patches appended below
add this extra private option. I've a patched version of exim
running satisfactorily.

I'm running a Cyrus IMAP server (version 2.3.1) with the following:

# Note the use of the "-a" argument to pre-authorize connections.
# For this to be viable, our /etc/hosts.allow file *must* restrict
# connections to trusted hosts.
        lmtp            cmd="lmtpd -a" listen="lmtp" prefork=25 provide_uuid=1


in the SERVICES section of /etc/cyrus.conf.

Currently exim delivers email to Cyrus via the lmtp daemon
listening on the loopback address. This is the method described
in the Exim Wiki and works well. However, problems arise when you
want to deliver mail directly to subfolders, i.e. use addresses of the
form:

{mailid}+{subfolder}@{cyrus_domain}

Exim hasn't had to authenticate to the lmtp daemon, so setting
"authenticated_sender" in the smtp transport won't help as the value
won't be passed on to the lmtp daemon. Instead it's necessary to
assign special ACLs on the imap subfolders to allow direct delivery.

Adding a "force_local_authenticated" option, defaulting to "false",
allows for transports of the form:

# Transport to deliver mail to the Cyrus IMAP server when the local
# part contains a plus ("+"), indicating a Cyrus subfolder. We're
# going to set the authenticated sender so there's no need for a
# special ACL on the subfolder.
cyrus_ltmp_plus_something:
  driver = smtp
  protocol = lmtp
  hosts = LOOPBACK
  force_local_authenticated = true
  authenticated_sender = $local_part
  rcpt_include_affixes = true
  hosts_override = true
  allow_localhost = true

which are called by routers of the form:

# A router for when the local part contains a plus.  This
# is a sendmail convention which Cyrus understands and it
# indicates a Cyrus subfolder.
cyrus_domain_with_plus:
  driver = accept
  domains = +cyrus_domain
  local_part_suffix = +*
  caseful_local_part = true
  retry_use_local_part = true
  transport = ${if = {$body_zerocount}{0} \
                     {cyrus_ltmp_plus_something}{cyrus_ltmp_plus_something_filter_nulls}}
  more = false



Here's the (short) patch against the source code for exim-4.60:

--- src/transports/smtp.h.orig    Mon Nov 28 10:57:32 2005
+++ src/transports/smtp.h    Wed Feb 22 16:14:49 2006
@@ -43,6 +43,7 @@
   BOOL    keepalive;
   BOOL    lmtp_ignore_quota;
   BOOL    retry_include_ip_address;
+  BOOL    force_local_authenticated;
   #ifdef SUPPORT_TLS
   uschar *tls_certificate;
   uschar *tls_crl;
--- src/transports/smtp.c.orig    Mon Nov 28 10:57:32 2005
+++ src/transports/smtp.c    Wed Feb 22 16:14:49 2006
@@ -57,6 +57,8 @@
       (void *)offsetof(smtp_transport_options_block, fallback_hosts) },
   { "final_timeout",        opt_time,
       (void *)offsetof(smtp_transport_options_block, final_timeout) },
+  { "force_local_authenticated", opt_bool,
+      (void *)offsetof(smtp_transport_options_block, force_local_authenticated) },
   { "gethostbyname",        opt_bool,
       (void *)offsetof(smtp_transport_options_block, gethostbyname) },
   { "helo_data",            opt_stringptr,
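Review bot: the new "force_local_authenticated" table entry comes with no documentation, and as a plain opt_bool it can be set on any smtp transport, not only one using protocol = lmtp toward the loopback address. Please add a spec entry stating that the option makes the transport send AUTH= without having authenticated, and that it is only appropriate toward a server configured to trust the connecting host, as with "lmtpd -a" in the cyrus.conf line above.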
@@ -166,7 +168,8 @@
   FALSE,               /* hosts_randomize */
   TRUE,                /* keepalive */
   FALSE,               /* lmtp_ignore_quota */
-  TRUE                 /* retry_include_ip_address */
+  TRUE,                /* retry_include_ip_address */
+  FALSE                /* force_local_authenticated */
   #ifdef SUPPORT_TLS
  ,NULL,                /* tls_certificate */
   NULL,                /* tls_crl */
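Review bot: the defaults block is a positional initializer, so the added "FALSE" line is only correct while force_local_authenticated stays immediately after retry_include_ip_address in smtp.h and ahead of the SUPPORT_TLS members, whose first entry carries the separating comma (",NULL"). A short comment beside the struct member saying the two lists must be kept in step would help whoever adds the next option here.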
@@ -796,6 +799,7 @@
 BOOL esmtp = TRUE;
 BOOL pending_MAIL;
 BOOL pass_message = FALSE;
+BOOL force_authenticated = ob->force_local_authenticated;
 smtp_inblock inblock;
 smtp_outblock outblock;
 int max_rcpt = tblock->max_addresses;
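Review bot: the local "force_authenticated" is a copy of ob->force_local_authenticated that this patch reads once, in the AUTH= test, and never modifies, and its shorter name drops the "local" that ties it to the option. Testing ob->force_local_authenticated directly at the use site would avoid the extra variable and leave a single name to search for.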
@@ -1300,7 +1304,7 @@


/* Add the authenticated sender address if present */

-if (smtp_authenticated && local_authenticated_sender != NULL)
+if ((smtp_authenticated || force_authenticated) && local_authenticated_sender != NULL)
   {
   string_format(p, sizeof(buffer) - (p-buffer), " AUTH=%s",
     auth_xtextencode(local_authenticated_sender,
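Review bot: in the changed condition, "smtp_authenticated || force_authenticated" lets the AUTH= parameter go out on MAIL although no authentication took place, and the test looks at neither the protocol nor the destination host. The value is whatever authenticated_sender expands to (in the example transport, $local_part from the recipient address), so the receiving server is handed an identity nothing has verified; consider also requiring that the transport is running LMTP before taking the forced path, or at least writing a debug line when it is taken.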
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101
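
What the lmtp daemon receives on the MAIL command with and without the proposed option, as an added example that is not part of the original post and not Exim's code. The helper names xtext_encode and build_mail_cmd and the sample addresses are assumptions made for illustration; the AUTH= test mirrors the patched condition and the encoding follows RFC 3461 xtext.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; helper names are hypothetical, not Exim's.
   RFC 3461 xtext: bytes outside '!'..'~', plus '+' and '=', become "+HH". */
static int xtext_encode(const char *in, char *out, size_t outlen)
{
  static const char hex[] = "0123456789ABCDEF";
  size_t o = 0;
  for (; *in; in++) {
    unsigned char c = (unsigned char)*in;
    if (c < 33 || c > 126 || c == '+' || c == '=') {
      if (o + 3 >= outlen) return -1;          /* 3 chars + NUL must fit */
      out[o++] = '+'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 15];
    } else {
      if (o + 1 >= outlen) return -1;
      out[o++] = (char)c;
    }
  }
  out[o] = '\0';
  return 0;
}

/* Builds the MAIL command line. AUTH= is appended under the same test as
   the patched code. Returns 0 on success, -1 if a buffer is too small. */
int build_mail_cmd(char *buf, size_t len, const char *return_path,
                   int smtp_authenticated, int force_authenticated,
                   const char *auth_sender)
{
  char enc[256];
  int n = snprintf(buf, len, "MAIL FROM:<%s>", return_path);
  if (n < 0 || (size_t)n >= len) return -1;
  if ((smtp_authenticated || force_authenticated) && auth_sender != NULL) {
    if (xtext_encode(auth_sender, enc, sizeof enc) != 0) return -1;
    int m = snprintf(buf + n, len - n, " AUTH=%s", enc);
    if (m < 0 || (size_t)m >= len - n) return -1;
  }
  return 0;
}

int main(void)
{
  char buf[512];
  /* Constructed sample values: no AUTH exchange happened, option is on. */
  build_mail_cmd(buf, sizeof buf, "sender@example.org", 0, 1, "jbloggs");
  puts(buf);
  return 0;
}
```

With the option off and no authentication, the same call yields the bare MAIL FROM line, which is why the subfolder ACLs were needed before the patch.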