Re: [exim-dev] XCLIENT patch to Exim; Cambridge

Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] XCLIENT patch to Exim; Cambridge
[ Wietse is not on the exim-dev list, forwarding with a Bcc to him... ]

From: wietse@??? (Wietse Venema)

Viktor Dukhovni:
> On Fri, Jan 16, 2015 at 12:52:46AM +0000, Jeremy Harris wrote:
>
> > Most of the attributes look ok for us to support. I'm dubious
> > about the LOGIN one though; this feels like a protocol level
> > violation.
>
> In Postfix this allows proxying of SASL logins. A proxy might
> handle SASL auth in front of the MTA. The MTA receives the SASL
> login name as determined by the proxy and applies access control
> decisions accordingly.


Specifically, this was added for nginx.

> > Is that Postfix page the sole definition of the ESMTP option?


There is an IETF draft for XFORWARD but that solves a different
problem (logging instead of impersonation). I am not aware of a
similar effort with respect to XCLIENT. Either way, if there is an
IETF spec then I'll update Postfix where needed.

Postfix accepts XCLIENT without EHLO. That is OK because XCLIENT
is meant for settings where ESMTP negotiation is unnecessary. Some
in-the-field implementations may rely on this optimization.

    Wietse


[ Deleting the rest of the quoted text of my message on which Wietse
did not comment. ]

----- End of forwarded message from Wietse Venema -----
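
Added example (not part of the forwarded message, and not Exim or Postfix code): one way an MTA could gate XCLIENT so that the LOGIN override discussed above is honoured only from an allowlisted proxy, with no EHLO precondition. The function names, the allowlist address and the sample values are constructed; the attribute names, special values and reply codes are modelled on the Postfix XCLIENT documentation.

```python
import ipaddress
import re

# Attribute names and special values as given in the Postfix XCLIENT documentation.
KNOWN_ATTRS = {"NAME", "ADDR", "PORT", "PROTO", "HELO", "LOGIN", "DESTADDR", "DESTPORT"}
NO_VALUE = {"[UNAVAILABLE]", "[TEMPUNAVAIL]"}
# Constructed allowlist: the only peer allowed to impersonate clients.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def xtext_decode(value):
    """Decode xtext (RFC 1891): '+HH' stands for the byte with hex code HH."""
    return re.sub(r"\+([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def handle_xclient(peer_ip, line, in_transaction=False):
    """Return (reply_code, overrides) for one XCLIENT command line.

    No EHLO state is consulted, matching the behaviour described in the message.
    """
    verb, _, rest = line.strip().partition(" ")
    if verb.upper() != "XCLIENT" or not rest.strip():
        return 501, {}
    # Authorization comes before attribute parsing: untrusted peers learn
    # nothing about which attributes are supported.
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return 550, {}
    if in_transaction:
        return 503, {}
    overrides = {}
    for token in rest.split():
        name, sep, raw = token.partition("=")
        name = name.upper()
        if not sep or not raw or name not in KNOWN_ATTRS:
            return 501, {}
        # None means "the proxy could not determine this attribute".
        overrides[name] = None if raw.upper() in NO_VALUE else xtext_decode(raw)
    return 220, overrides
```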