Re: [exim] authenticator options

Author: Phil Pennock
Date:  
To: N. Tucker
CC: exim-users
Subject: Re: [exim] authenticator options
On 2011-02-03 at 17:01 -0800, N. Tucker wrote:
> Hello, I have a fairly basic (I think) question that I haven't been able to
> answer via the docs/faqs:
>
> Is it possible for an exim 'authenticator' to use more information than just
> the SMTP host for making a choice of which credentials to send? What other
> variables are available in the context of an authenticator?


Most variables are available at all times, unless specified otherwise.

One good approach is to make the decisions in the Router, which uses:
  address_data = <some lookups go here>
and then refer to $address_data in the authenticator. This acts as a
cache.

The interesting expansion operator to know about is then "extract". So
if you then specify (via expansion):
  address_data = user=fred password=bedrock port=25 forcetls=yes

then your Transport can use:
  hosts_require_tls = ${extract{forcetls}{$address_data}{*}{}}
and your Authenticator can use:
  client_send = ^${extract{user}{$address_data}{$value}fail}\
                ^${extract{password}{$address_data}{$value}fail}


I prefer this approach since it lets all the important decisions be made
in one place, the Router, and just lets the Transports and
Authenticators implement the policy of the Router.

> So my goal is to have exim look up the credentials to be passed to the SMTP
> server on a per-message basis. Ideally, it could be done in a way that
> still allows multiple messages which are of the same "type" of email to be
> sent on the same connection, but I don't think that is critical.


I believe that this happens by default; you'll need to set max_rcpt=1 on
the Transport which triggers the connection to avoid it. I think. Been
a while since I investigated this properly, when I set up client auth on
a laptop.

Generally, the idea is that SMTP AUTH happens at a connection level, not
a message level, so is authenticating the client as a host, not each
message. The MTA on the sending side can then set AUTH=foo on each
message, to identify its idea of the owner of each mail. If you want to
instead authenticate per-message then this is outside the normal SMTP
model and so you need to set max_rcpt=1. Having done that, nothing
comes to mind for batching by type.

-Phil
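
The following is an added example, not part of the original message: it assembles the Router / Transport / Authenticator pattern described above into one configuration fragment. The driver instance names, the credentials file path, the `host` key and the sample entry are assumptions made for illustration.

```exim
# Constructed sample entry in /etc/exim/relay_creds (hypothetical path),
# keyed by envelope sender. Keep the file readable only by the Exim user.
# Values containing white space must be enclosed in double quotes.
#
#   fred@example.org: host=smtp.example.net user=fred password=bedrock port=587 forcetls=yes

begin routers

relay_by_sender:
  driver = manualroute
  # local_domains is the domain list from the stock configuration (assumed here)
  domains = ! +local_domains
  # All policy is decided here. The forced failure ("fail") makes the
  # router decline when the sender has no entry in the file.
  address_data = ${lookup{$sender_address}lsearch{/etc/exim/relay_creds}{$value}fail}
  route_data = ${extract{host}{$address_data}}
  transport = relay_smtp

begin transports

relay_smtp:
  driver = smtp
  port = ${extract{port}{$address_data}{$value}{25}}
  # Variant of the hosts_require_tls line above that requires the value
  # to be "yes". PLAIN sends the password merely base64-encoded, so an
  # unconditional "hosts_require_tls = *" is the safer choice.
  hosts_require_tls = ${if eq{${extract{forcetls}{$address_data}}}{yes}{*}{}}
  # Do not fall back to an unauthenticated delivery
  hosts_require_auth = *
  # One recipient per message, as suggested above for per-message credentials
  max_rcpt = 1

begin authenticators

relay_plain:
  driver = plaintext
  public_name = PLAIN
  # Each ^ becomes a NUL byte on the wire. A missing key forces failure,
  # so incomplete credentials are never sent.
  client_send = ^${extract{user}{$address_data}{$value}fail}\
                ^${extract{password}{$address_data}{$value}fail}
```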