RE: [exim] feature request: set authenticated

Top Page
Delete this message
Reply to this message
Author: Steffen Heil
Date:  
To: exim-users
Subject: RE: [exim] feature request: set authenticated
Hi

> What I use in this situation is the SASL EXTERNAL mechanism.
> This is designed for lifting some lower-level authentication
> (such as IPSEC or
> TLS) to the SASL level, but there's no reason that you can't
> consider TCP connections from a known client to be good
> enough authentication in the right context.
>
> On the server:
>
> EXTERNAL:
>   driver        = plaintext
>   server_set_id        = $1
>   server_prompts    = :
>   server_condition    = yes
>   server_advertise_condition = ${if match_ip{$sender_host_address} \
>                                             {+trusted_hosts} }
> On the client:

>
> EXTERNAL:
>   driver        = plaintext
>   client_send        = username


The problem here is, that it need configuration on the client.
This is not what I want. (Yes, I know, ips can be spoofed, but this is only
for a private network.)
Actually I would lookup the ip in a database and assign the "authenticated"
to the result.

However, my feature request enables much more...

I am just thinking, that I can READ every variable everywhere using
$variable, why shouldn't I be able to assign them? (At least for most, this
should not be a problem.)

Regards,
Steffen