conditions (and thereby implement authorization).
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.409 2006/10/16 13:43:21 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.410 2006/10/16 15:44:36 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
local IP, and the "valid-client-cert option" if a client certificate has
been verified.
+PH/22 As suggested by Denis Davies, added a server_condition option to *all*
+ authenticators. This can be used for authorization after authentication
+ succeeds. (In the case of plaintext, it servers for both authentication
+ and authorization.)
+
Exim version 4.63
-----------------
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.116 2006/10/16 13:43:21 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.117 2006/10/16 15:44:36 ph10 Exp $
New Features in Exim
--------------------
values matches (or if no record is found), this is the only lookup that is
done. Only if there is a match is one of the more specific lists consulted.
+6. All authenticators now have a server_condition option. Previously, only
+ plaintext had this, and this has not changed: it must be set to the
+ authenticator as a server. For the others, if server_condition is set, it is
+ expanded if authentication is successful, and treated exactly as it is in
+ plaintext. This can serve as a means of adding authorization to an
+ authenticator.
+
Version 4.63
------------
-$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.24 2006/09/22 14:01:12 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.25 2006/10/16 15:44:36 ph10 Exp $
LISTS OF EXIM OPTIONS
---------------------
senders address list unset routers 4.00
serialize_hosts host list unset smtp 1.60
server_advertise_condition string* unset authenticators 4.14
-server_condition string* unset plaintext 3.10
+server_condition string* unset authenticators 3.10 (plaintext) 4.64 (others)
server_hostname string* "$primary_hostname" cyrus_sasl 4.43
server_mail_auth_condition string* unset authenticators 3.22
server_mech string public_name cyrus_sasl 4.43
#!/bin/sh
-# $Cambridge: exim/src/scripts/MakeLinks,v 1.7 2006/10/02 13:38:18 ph10 Exp $
+# $Cambridge: exim/src/scripts/MakeLinks,v 1.8 2006/10/16 15:44:36 ph10 Exp $
# Script to build links for all the exim source files from the system-
# specific build directory. It should be run from within that directory.
ln -s ../../src/auths/call_pam.c call_pam.c
ln -s ../../src/auths/call_pwcheck.c call_pwcheck.c
ln -s ../../src/auths/call_radius.c call_radius.c
+ln -s ../../src/auths/check_serv_cond.c check_serv_cond.c
ln -s ../../src/auths/cyrus_sasl.c cyrus_sasl.c
ln -s ../../src/auths/cyrus_sasl.h cyrus_sasl.h
ln -s ../../src/auths/get_data.c get_data.c
-# $Cambridge: exim/src/src/auths/Makefile,v 1.4 2006/10/02 13:38:18 ph10 Exp $
+# $Cambridge: exim/src/src/auths/Makefile,v 1.5 2006/10/16 15:44:36 ph10 Exp $
# Make file for building a library containing all the available authorization
# methods, and calling it auths.a. In addition, there are functions that are
# after cd'ing to the auths subdirectory. When the relevant AUTH_ macros are
# defined, the equivalent modules herein is not included in the final binary.
-OBJ = b64encode.o b64decode.o call_pam.o call_pwcheck.o call_radius.o \
- xtextencode.o xtextdecode.o get_data.o get_no64_data.o md5.o \
- cram_md5.o cyrus_sasl.o dovecot.o plaintext.o pwcheck.o sha1.o \
- auth-spa.o spa.o
+OBJ = auth-spa.o b64decode.o b64encode.o call_pam.o call_pwcheck.o \
+ call_radius.o check_serv_cond.o cram_md5.o cyrus_sasl.o dovecot.o \
+ get_data.o get_no64_data.o md5.o plaintext.o pwcheck.o sha1.o \
+ spa.o xtextdecode.o xtextencode.o
auths.a: $(OBJ)
@$(RM_COMMAND) -f auths.a
.c.o:; @echo "$(CC) $*.c"
$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
-auth-spa.o: $(HDRS) auth-spa.c
-b64encode.o: $(HDRS) b64encode.c
-b64decode.o: $(HDRS) b64decode.c
-call_pam.o: $(HDRS) call_pam.c
-call_pwcheck.o: $(HDRS) call_pwcheck.c pwcheck.h
-call_radius.o: $(HDRS) call_radius.c
-get_data.o: $(HDRS) get_data.c
-get_no64_data.o: $(HDRS) get_no64_data.c
-md5.o: $(HDRS) md5.c
-pwcheck.o: $(HDRS) pwcheck.c pwcheck.h
-sha1.o: $(HDRS) sha1.c
-xtextencode.o: $(HDRS) xtextencode.c
-xtextdecode.o: $(HDRS) xtextdecode.c
+auth-spa.o: $(HDRS) auth-spa.c
+b64encode.o: $(HDRS) b64encode.c
+b64decode.o: $(HDRS) b64decode.c
+call_pam.o: $(HDRS) call_pam.c
+call_pwcheck.o: $(HDRS) call_pwcheck.c pwcheck.h
+call_radius.o: $(HDRS) call_radius.c
+check_serv_cond.o: $(HDRS) check_serv_cond.c
+get_data.o: $(HDRS) get_data.c
+get_no64_data.o: $(HDRS) get_no64_data.c
+md5.o: $(HDRS) md5.c
+pwcheck.o: $(HDRS) pwcheck.c pwcheck.h
+sha1.o: $(HDRS) sha1.c
+xtextdecode.o: $(HDRS) xtextdecode.c
+xtextencode.o: $(HDRS) xtextencode.c
-cram_md5.o: $(HDRS) cram_md5.c cram_md5.h
-cyrus_sasl.o: $(HDRS) cyrus_sasl.c cyrus_sasl.h
-dovecot.o: $(HDRS) dovecot.c dovecot.h
-plaintext.o: $(HDRS) plaintext.c plaintext.h
-spa.o: $(HDRS) spa.c spa.h
+cram_md5.o: $(HDRS) cram_md5.c cram_md5.h
+cyrus_sasl.o: $(HDRS) cyrus_sasl.c cyrus_sasl.h
+dovecot.o: $(HDRS) dovecot.c dovecot.h
+plaintext.o: $(HDRS) plaintext.c plaintext.h
+spa.o: $(HDRS) spa.c spa.h
# End
-$Cambridge: exim/src/src/auths/README,v 1.5 2006/02/23 12:41:22 ph10 Exp $
+$Cambridge: exim/src/src/auths/README,v 1.6 2006/10/16 15:44:36 ph10 Exp $
AUTHS
DEFER couldn't complete the check
FAIL authentication failed
CANCELLED authentication forced to fail by "*" response to challenge,
- or by a forced string expansion failure
+ or by certain forced string expansion failures
BAD64 bad base64 data received
UNEXPECTED unexpected data received
--- /dev/null
+/* $Cambridge: exim/src/src/auths/check_serv_cond.c,v 1.1 2006/10/16 15:44:36 ph10 Exp $ */
+
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 1995 - 2006 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+#include "../exim.h"
+
+/* This module contains the function server_condition(), which is used
+by all authenticators. */
+
+
+/*************************************************
+* Check server_condition *
+*************************************************/
+
+/* This function is called from the server code of all authenticators. For
+plaintext, it is always called: the argument cannot be empty, because for
+plaintext, setting server_condition is what enables it as a server
+authenticator. For all the other authenticators, this function is called after
+they have authenticated, to enable additional authorization to be done.
+
+Argument: the authenticator's instance block
+
+Returns:
+ OK NULL argument, or success
+ DEFER couldn't complete the check
+ FAIL authentication failed
+*/
+
+int
+auth_check_serv_cond(auth_instance *ablock)
+{
+uschar *cond;
+
+HDEBUG(D_auth)
+ {
+ int i;
+ debug_printf("%s authenticator:\n", ablock->name);
+ for (i = 0; i < AUTH_VARS; i++)
+ {
+ if (auth_vars[i] != NULL)
+ debug_printf(" $auth%d = %s\n", i + 1, auth_vars[i]);
+ }
+ for (i = 1; i <= expand_nmax; i++)
+ debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
+ debug_print_string(ablock->server_debug_string); /* customized debug */
+ }
+
+/* For the plaintext authenticator, server_condition is never NULL. For the
+rest, an unset condition lets everything through. */
+
+if (ablock->server_condition == NULL) return OK;
+cond = expand_string(ablock->server_condition);
+
+HDEBUG(D_auth)
+ {
+ if (cond == NULL)
+ debug_printf("expansion failed: %s\n", expand_string_message);
+ else
+ debug_printf("expanded string: %s\n", cond);
+ }
+
+/* A forced expansion failure causes authentication to fail. Other expansion
+failures yield DEFER, which will cause a temporary error code to be returned to
+the AUTH command. The problem is at the server end, so the client should try
+again later. */
+
+if (cond == NULL)
+ {
+ if (expand_string_forcedfail) return FAIL;
+ auth_defer_msg = expand_string_message;
+ return DEFER;
+ }
+
+/* Return FAIL for empty string, "0", "no", and "false"; return OK for
+"1", "yes", and "true"; return DEFER for anything else, with the string
+available as an error text for the user. */
+
+if (*cond == 0 ||
+ Ustrcmp(cond, "0") == 0 ||
+ strcmpic(cond, US"no") == 0 ||
+ strcmpic(cond, US"false") == 0)
+ return FAIL;
+
+if (Ustrcmp(cond, "1") == 0 ||
+ strcmpic(cond, US"yes") == 0 ||
+ strcmpic(cond, US"true") == 0)
+ return OK;
+
+auth_defer_msg = cond;
+auth_defer_user_msg = string_sprintf(": %s", cond);
+return DEFER;
+}
+
+/* End of check_serv_cond.c */
-/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.5 2006/02/23 12:41:22 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.6 2006/10/16 15:44:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL;
}
-return OK;
+/* Expand server_condition as an authorization check */
+return auth_check_serv_cond(ablock);
}
-/* $Cambridge: exim/src/src/auths/cyrus_sasl.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/cyrus_sasl.c,v 1.5 2006/10/16 15:44:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
int auth_cyrus_sasl_options_count =
sizeof(auth_cyrus_sasl_options)/sizeof(optionlist);
-/* Default private options block for the contidion authentication method. */
+/* Default private options block for the cyrus_sasl authentication method. */
auth_cyrus_sasl_options_block auth_cyrus_sasl_option_defaults = {
US"smtp", /* server_service */
expand_nmax = 1;
HDEBUG(D_auth)
- debug_printf("Cyrus SASL %s authentiction succeeded for %s\n", ob->server_mech, out2);
+ debug_printf("Cyrus SASL %s authentication succeeded for %s\n", ob->server_mech, out2);
/* close down the connection, freeing up library's memory */
sasl_dispose(&conn);
sasl_done();
- return OK;
+
+ /* Expand server_condition as an authorization check */
+ return auth_check_serv_cond(ablock);
}
}
/* NOTREACHED */
-/* $Cambridge: exim/src/src/auths/dovecot.c,v 1.2 2006/10/16 13:43:22 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/dovecot.c,v 1.3 2006/10/16 15:44:36 ph10 Exp $ */
/*
* Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
}
out: close(fd);
- return ret;
+
+ /* Expand server_condition as an authorization check */
+ return (ret == OK)? auth_check_serv_cond(ablock) : ret;
}
-/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.5 2006/02/23 12:41:22 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.6 2006/10/16 15:44:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
(void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
{ "client_send", opt_stringptr,
(void *)(offsetof(auth_plaintext_options_block, client_send)) },
- { "server_condition", opt_stringptr,
- (void *)(offsetof(auth_plaintext_options_block, server_condition)) },
{ "server_prompts", opt_stringptr,
(void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
};
/* Default private options block for the plaintext authentication method. */
auth_plaintext_options_block auth_plaintext_option_defaults = {
- NULL, /* server_condition */
NULL, /* server_prompts */
NULL, /* client_send */
FALSE /* client_ignore_invalid_base64 */
auth_plaintext_options_block *ob =
(auth_plaintext_options_block *)(ablock->options_block);
if (ablock->public_name == NULL) ablock->public_name = ablock->name;
-if (ob->server_condition != NULL) ablock->server = TRUE;
+if (ablock->server_condition != NULL) ablock->server = TRUE;
if (ob->client_send != NULL) ablock->client = TRUE;
}
auth_plaintext_options_block *ob =
(auth_plaintext_options_block *)(ablock->options_block);
uschar *prompts = ob->server_prompts;
-uschar *clear, *cond, *end, *s;
+uschar *clear, *end, *s;
int number = 1;
int len, rc;
int sep = 0;
}
/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
-compatibility, in $1, $2, etc). Match against the decoded data by expanding the
-condition. */
+compatibility, in $1, $2, etc). Authentication and authorization are handled
+together for this authenticator by expanding the server_condition option. Note
+that ablock->server_condition is always non-NULL because that's what configures
+this authenticator as a server. */
-cond = expand_string(ob->server_condition);
-
-HDEBUG(D_auth)
- {
- int i;
- debug_printf("%s authenticator:\n", ablock->name);
- for (i = 0; i < AUTH_VARS; i++)
- {
- if (auth_vars[i] != NULL)
- debug_printf(" $auth%d = %s\n", i + 1, auth_vars[i]);
- }
- for (i = 1; i <= expand_nmax; i++)
- debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
- debug_print_string(ablock->server_debug_string); /* customized debug */
- if (cond == NULL)
- debug_printf("expansion failed: %s\n", expand_string_message);
- else
- debug_printf("expanded string: %s\n", cond);
- }
-
-/* A forced expansion failure causes authentication to fail. Other expansion
-failures yield DEFER, which will cause a temporary error code to be returned to
-the AUTH command. The problem is at the server end, so the client should try
-again later. */
-
-if (cond == NULL)
- {
- if (expand_string_forcedfail) return FAIL;
- auth_defer_msg = expand_string_message;
- return DEFER;
- }
-
-/* Return FAIL for empty string, "0", "no", and "false"; return OK for
-"1", "yes", and "true"; return DEFER for anything else, with the string
-available as an error text for the user. */
-
-if (*cond == 0 ||
- Ustrcmp(cond, "0") == 0 ||
- strcmpic(cond, US"no") == 0 ||
- strcmpic(cond, US"false") == 0)
- return FAIL;
-
-if (Ustrcmp(cond, "1") == 0 ||
- strcmpic(cond, US"yes") == 0 ||
- strcmpic(cond, US"true") == 0)
- return OK;
-
-auth_defer_msg = cond;
-auth_defer_user_msg = string_sprintf(": %s", cond);
-return DEFER;
+return auth_check_serv_cond(ablock);
}
-/* $Cambridge: exim/src/src/auths/plaintext.h,v 1.4 2006/02/23 12:41:22 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/plaintext.h,v 1.5 2006/10/16 15:44:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
/* Private structure for the private options. */
typedef struct {
- uschar *server_condition;
uschar *server_prompts;
uschar *client_send;
BOOL client_ignore_invalid_base64;
-/* $Cambridge: exim/src/src/auths/spa.c,v 1.7 2006/02/23 12:41:22 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/spa.c,v 1.8 2006/10/16 15:44:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
* typedef unsigned uint32;
* typedef unsigned char uint8;
-07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid
- input data. Find appropriate comment by grepping for "PH".
+07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid
+ input data. Find appropriate comment by grepping for "PH".
+16-October-2006: PH: Added a call to auth_check_serv_cond() at the end
*/
((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
24) == 0)
/* success. we have a winner. */
- return OK;
+
+ /* Expand server_condition as an authorization check (PH) */
+ return auth_check_serv_cond(ablock);
return FAIL;
}
-/* $Cambridge: exim/src/src/functions.h,v 1.28 2006/10/09 14:36:25 ph10 Exp $ */
+/* $Cambridge: exim/src/src/functions.h,v 1.29 2006/10/16 15:44:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
extern int auth_call_radius(uschar *, uschar **);
extern int auth_call_saslauthd(uschar *, uschar *, uschar *, uschar *,
uschar **);
+extern int auth_check_serv_cond(auth_instance *);
extern int auth_get_data(uschar **, uschar *, int);
extern int auth_get_no64_data(uschar **, uschar *);
extern uschar *auth_xtextencode(uschar *, int);
-/* $Cambridge: exim/src/src/globals.c,v 1.59 2006/09/25 10:14:20 ph10 Exp $ */
+/* $Cambridge: exim/src/src/globals.c,v 1.60 2006/10/16 15:44:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
(void *)(offsetof(auth_instance, public_name)) },
{ "server_advertise_condition", opt_stringptr | opt_public,
(void *)(offsetof(auth_instance, advertise_condition))},
+ { "server_condition", opt_stringptr | opt_public,
+ (void *)(offsetof(auth_instance, server_condition)) },
{ "server_debug_print", opt_stringptr | opt_public,
(void *)(offsetof(auth_instance, server_debug_string)) },
{ "server_mail_auth_condition", opt_stringptr | opt_public,
NULL, /* set_id */
NULL, /* server_mail_auth_condition */
NULL, /* server_debug_string */
+ NULL, /* server_condition */
FALSE, /* client */
FALSE, /* server */
FALSE /* advertised */
-/* $Cambridge: exim/src/src/structs.h,v 1.12 2006/09/25 11:25:37 ph10 Exp $ */
+/* $Cambridge: exim/src/src/structs.h,v 1.13 2006/10/16 15:44:36 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
uschar *set_id; /* String to set as authenticated id */
uschar *mail_auth_condition; /* Condition for AUTH on MAIL command */
uschar *server_debug_string; /* Debugging output */
+ uschar *server_condition; /* Authorization condition */
BOOL client; /* TRUE if client option(s) set */
BOOL server; /* TRUE if server options(s) set */
BOOL advertised; /* Set TRUE when advertised */
domainlist local_domains = test.ex : *.test.ex
-hostlist auth_hosts = 10.0.0.1
+hostlist auth_hosts = 10.0.0.1 : 10.0.0.5
hostlist relay_hosts = 10.0.0.4
hostlist auth_relay_hosts = 10.0.0.3 : 10.0.0.4
server_secret = "${if eq{$auth1}{tim}{tanstaaftanstaaf}\
{${if eq{$auth1}{userx}{secret}fail}}}"
server_set_id = $auth1
+ server_condition = ${if !eq {$sender_host_address}{10.0.0.5}}
.
quit
****
+exim -bh 10.0.0.5
+ehlo test.host
+AUTH CRAM-MD5
+dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw
+mail from:<userx@some.domain>
+rcpt to:<userx@test.ex>
+data
+Testing authenticated CRAM-MD5.
+.
+quit
+****
no_msglog_check
>>> host in helo_accept_junk_hosts? no (option unset)
>>> test.host in helo_lookup_domains? no (end of list)
>>> host in pipelining_advertise_hosts? yes (matched "*")
->>> host in "10.0.0.1"? no (end of list)
+>>> host in "10.0.0.1 : 10.0.0.5"? no (end of list)
>>> host in "10.0.0.4"? yes (matched "10.0.0.4")
>>> host in auth_advertise_hosts? no (matched "!+relay_hosts")
>>> host in hosts_connection_nolog? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
>>> test.host in helo_lookup_domains? no (end of list)
>>> host in pipelining_advertise_hosts? yes (matched "*")
->>> host in "10.0.0.1"? yes (matched "10.0.0.1")
+>>> host in "10.0.0.1 : 10.0.0.5"? yes (matched "10.0.0.1")
>>> host in auth_advertise_hosts? yes (matched "+auth_hosts")
>>> +++CRAM-MD5 $auth1="tim" $auth2="" $auth3=""
>>> CRAM-MD5: user name = tim
>>> challenge = <1896.697170952@postoffice.reston.mci.net>
>>> received = b913a602c7eda7a495b4e6e7334d3890
>>> digest = b913a602c7eda7a495b4e6e7334d3890
+>>> cram_md5 authenticator:
+>>> $auth1 = tim
+>>> $1 = tim
+>>> +++CRAM-MD5 $auth1="tim" $auth2="" $auth3=""
+>>> expanded string: true
>>> using ACL "check_recipient"
>>> processing "warn"
>>> check hosts = 10.0.0.5
>>> accept: condition test succeeded
>>> host in ignore_fromline_hosts? no (option unset)
LOG: 10HmaY-0005vi-00 <= userx@some.domain H=(test.host) [10.0.0.1] P=esmtpa A=cram_md5:tim S=sss
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> test.host in helo_lookup_domains? no (end of list)
+>>> host in pipelining_advertise_hosts? yes (matched "*")
+>>> host in "10.0.0.1 : 10.0.0.5"? yes (matched "10.0.0.5")
+>>> host in auth_advertise_hosts? yes (matched "+auth_hosts")
+>>> +++CRAM-MD5 $auth1="tim" $auth2="" $auth3=""
+>>> CRAM-MD5: user name = tim
+>>> challenge = <1896.697170952@postoffice.reston.mci.net>
+>>> received = b913a602c7eda7a495b4e6e7334d3890
+>>> digest = b913a602c7eda7a495b4e6e7334d3890
+>>> cram_md5 authenticator:
+>>> $auth1 = tim
+>>> $1 = tim
+>>> +++CRAM-MD5 $auth1="tim" $auth2="" $auth3=""
+>>> expanded string:
+LOG: cram_md5 authenticator failed for (test.host) [10.0.0.5]: 535 Incorrect authentication data (set_id=tim)
+>>> using ACL "check_recipient"
+>>> processing "warn"
+>>> check hosts = 10.0.0.5
+>>> host in "10.0.0.5"? yes (matched "10.0.0.5")
+>>> warn: condition test succeeded
+>>> processing "accept"
+>>> check hosts = 10.0.0.5
+>>> host in "10.0.0.5"? yes (matched "10.0.0.5")
+>>> accept: condition test succeeded
+>>> host in ignore_fromline_hosts? no (option unset)
+LOG: 10HmaZ-0005vi-00 <= userx@some.domain H=(test.host) [10.0.0.5] P=esmtp S=sss
driver = plaintext
public_name = PLAIN
server_advertise_condition =
+server_condition = xxx
server_debug_print =
server_mail_auth_condition =
server_set_id =
no_client_ignore_invalid_base64
client_send =
-server_condition = xxx
server_prompts =
a2 authenticator:
driver = plaintext
public_name = PLAIN
server_advertise_condition =
+server_condition =
server_debug_print =
server_mail_auth_condition =
server_set_id =
no_client_ignore_invalid_base64
client_send =
-server_condition =
server_prompts =
a3 authenticator:
driver = plaintext
public_name = LOGIN
server_advertise_condition =
+server_condition =
server_debug_print =
server_mail_auth_condition =
server_set_id =
no_client_ignore_invalid_base64
client_send =
-server_condition =
server_prompts =
a4 authenticator:
driver = plaintext
public_name = LOGIN
server_advertise_condition =
+server_condition =
server_debug_print =
server_mail_auth_condition =
server_set_id =
no_client_ignore_invalid_base64
client_send =
-server_condition =
server_prompts =
**** SMTP testing: that is not a real message id!
221 myhost.test.ex closing connection\r
+
+**** SMTP testing session as if from host 10.0.0.5
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello test.host [10.0.0.5]\r
+250-SIZE 52428800\r
+250-ETRN\r
+250-EXPN\r
+250-PIPELINING\r
+250-AUTH CRAM-MD5\r
+250 HELP\r
+334 PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+\r
+535 Incorrect authentication data\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaZ-0005vi-00\r
+
+**** SMTP testing: that is not a real message id!
+
+221 myhost.test.ex closing connection\r