Re: [exim] feature request: set authenticated

Pàgina inicial
Delete this message
Reply to this message
Autor: Tony Finch
Data:  
A: Steffen Heil
CC: exim-users
Assumpte: Re: [exim] feature request: set authenticated
On Thu, 30 Mar 2006, Steffen Heil wrote:
>
> I would like to do the following:
>
> warn host = a.b.c.d
>        set authenticed = test

>
> So that remote hosts can be authenticated directly.


What I use in this situation is the SASL EXTERNAL mechanism. This is
designed for lifting some lower-level authentication (such as IPSEC or
TLS) to the SASL level, but there's no reason that you can't consider
TCP connections from a known client to be good enough authentication
in the right context.

On the server:

EXTERNAL:
  driver        = plaintext
  server_set_id        = $1
  server_prompts    = :
  server_condition    = yes
  server_advertise_condition = ${if match_ip{$sender_host_address} \
                                            {+trusted_hosts} }


On the client:

EXTERNAL:
  driver        = plaintext
  client_send        = username


Aside: actually, I abuse EXTERNAL not to authenticate the client (which
in my case is a central MUA server running Pine and webmail), but in
order to communicate prior authentication of the user (done by ssh or
webmail) to the message submission service. In this case I have to use
connection_max_messages = 1 on the SMTP transport because the client ID
may change from one message to the next, whereas SMTP AUTH is per
connecting host not per message.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}