On Thu, 30 Mar 2006, Steffen Heil wrote:
>
> I would like to do the following:
>
> warn host = a.b.c.d
> set authenticed = test
>
> So that remote hosts can be authenticated directly.

What I use in this situation is the SASL EXTERNAL mechanism. This is
designed for lifting some lower-level authentication (such as IPSEC or
TLS) to the SASL level, but there's no reason that you can't consider
TCP connections from a known client to be good enough authentication
in the right context.

On the server:

EXTERNAL:
  driver = plaintext
  server_set_id = $1
  server_prompts = :
  server_condition = yes
  server_advertise_condition = ${if match_ip{$sender_host_address} \
                                 {+trusted_hosts} }

On the client:

EXTERNAL:
  driver = plaintext
  client_send = username

Aside: actually, I abuse EXTERNAL not to authenticate the client (which
in my case is a central MUA server running Pine and webmail), but in
order to communicate prior authentication of the user (done by ssh or
webmail) to the message submission service. In this case I have to use
connection_max_messages = 1 on the SMTP transport because the client ID
may change from one message to the next, whereas SMTP AUTH is per
connecting host not per message.

Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
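
Added example (not part of the message above and not Exim code): a small Python model of the exchange the two authenticator stanzas produce, showing that the client's name is simply asserted and the source address is the only thing checked. The function names, the constructed addresses standing in for +trusted_hosts, and the reply texts are assumptions of this sketch.

```python
import base64
import binascii
import ipaddress

# Constructed stand-in for the +trusted_hosts list (documentation addresses).
TRUSTED_HOSTS = [ipaddress.ip_network("192.0.2.10/32"),
                 ipaddress.ip_network("2001:db8::/64")]


def is_trusted(peer_ip):
    """Model of match_ip{$sender_host_address}{+trusted_hosts}."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_HOSTS)


def ehlo_auth_line(peer_ip):
    """server_advertise_condition: offer EXTERNAL only to trusted peers."""
    return "250-AUTH EXTERNAL" if is_trusted(peer_ip) else None


def client_auth_command(identity):
    """client_send: the identity goes out as the base64 initial response."""
    return "AUTH EXTERNAL " + base64.b64encode(identity.encode()).decode()


def server_handle_auth(peer_ip, command):
    """Return (reply, authenticated id or None); reply texts are this model's."""
    parts = command.split()
    if len(parts) != 3 or [p.upper() for p in parts[:2]] != ["AUTH", "EXTERNAL"]:
        return "501 Syntax error", None
    if not is_trusted(peer_ip):
        # Assumption: a mechanism that was not advertised is refused.
        return "503 AUTH mechanism not advertised", None
    try:
        claimed = base64.b64decode(parts[2], validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return "501 Invalid base64 data", None
    # server_condition = yes: whatever name the client claims becomes the id
    # (server_set_id = $1); only the source address has been checked.
    return "235 Authentication succeeded", claimed


if __name__ == "__main__":
    cmd = client_auth_command("username")
    for peer in ("192.0.2.10", "198.51.100.7"):
        print(peer, ehlo_auth_line(peer), server_handle_auth(peer, cmd))
```

Because any name sent from a listed address is accepted, the trusted host list is the whole trust boundary in this setup and should be kept as narrow as the deployment allows.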