break;
case ACLC_AUTHENTICATED:
- rc = (sender_host_authenticated == NULL)? FAIL :
- match_isinlist(sender_host_authenticated, &arg, 0, NULL, NULL, MCL_STRING,
- TRUE, NULL);
+ rc = sender_host_authenticated ? match_isinlist(sender_host_authenticated,
+ &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL) : FAIL;
break;
#ifdef EXPERIMENTAL_BRIGHTMAIL
uschar **sender_host_aliases = &no_aliases;
uschar *sender_host_address = NULL;
uschar *sender_host_authenticated = NULL;
+uschar *sender_host_auth_pubname = NULL;
unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32];
BOOL sender_host_dnssec = FALSE;
uschar *sender_host_name = NULL;
extern BOOL sender_helo_dnssec; /* True if HELO verify used DNS and was DNSSEC */
extern uschar *sender_helo_name; /* Host name from HELO/EHLO */
extern uschar **sender_host_aliases; /* Points to list of alias names */
+extern uschar *sender_host_auth_pubname; /* Public-name of authentication method */
extern unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32]; /* Cache bits for incoming host */
extern BOOL sender_host_dnssec; /* true if sender_host_name verified in DNSSEC */
extern BOOL sender_host_notsocket; /* Set for -bs and -bS */
/* If receiving by -bs from a trusted user, or testing with -bh, we allow
authentication settings from -oMaa to remain in force. */
-if (!host_checking && !sender_host_notsocket) sender_host_authenticated = NULL;
+if (!host_checking && !sender_host_notsocket)
+ sender_host_auth_pubname = sender_host_authenticated = NULL;
authenticated_by = NULL;
#ifdef SUPPORT_TLS
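Review bot: When the condition on the added `if` is false (the -bs / -bh case the comment describes), sender_host_authenticated keeps its -oMaa value but nothing visible in this diff gives sender_host_auth_pubname a matching value, so it stays at the NULL it is defined with unless code outside the diff sets it. Code that tests only sender_host_authenticated and then reads the public name, as authres_smtpauth does in this commit, would pass NULL to Ustrcmp and string_append on that path. Either set the public name where -oMaa is handled, or have readers of the pair check both pointers. At minimum extend the comment, e.g. `/* -oMaa sets only sender_host_authenticated; sender_host_auth_pubname may still be NULL here */`.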
{
if (set_id) authenticated_id = string_copy_malloc(set_id);
sender_host_authenticated = au->name;
+ sender_host_auth_pubname = au->public_name;
authentication_failed = FALSE;
authenticated_fail_id = NULL; /* Impossible to already be set? */
US"invalid data for AUTH");
goto COMMAND_LOOP;
}
- if (acl_smtp_mailauth == NULL)
+ if (!acl_smtp_mailauth)
{
ignore_msg = US"client not authenticated";
- rc = (sender_host_authenticated != NULL)? OK : FAIL;
+ rc = sender_host_authenticated ? OK : FAIL;
}
else
{
+ (tls_in.active >= 0 ? pcrpted : 0)
];
- sender_host_authenticated = NULL;
+ sender_host_auth_pubname = sender_host_authenticated = NULL;
authenticated_id = NULL;
sync_cmd_limit = NON_SYNC_CMD_NON_PIPELINING;
DEBUG(D_tls) debug_printf("TLS active\n");
if (!sender_host_authenticated)
return g;
-g = string_append(g, 4, US";\n\tauth=pass"
- " (", sender_host_authenticated, US") smtp.auth=", authenticated_id);
+g = string_append(g, 2, US";\n\tauth=pass (", sender_host_auth_pubname);
+
+if (Ustrcmp(sender_host_auth_pubname, "tls") != 0)
+ g = string_append(g, 2, US") smtp.auth=", authenticated_id);
+else if (authenticated_id)
+ g = string_append(g, 2, US") x509.auth=", authenticated_id);
+else
+ g = string_catn(g, US") reason=x509.auth", 17);
+
if (authenticated_sender)
g = string_append(g, 2, US" smtp.mailfrom=", authenticated_sender);
return g;
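Review bot: The length passed in the final `else` branch is one short: `") reason=x509.auth"` is 18 bytes, so `string_catn(g, ..., 17)` writes `reason=x509.aut` into the Authentication-Results header. Let the callee measure the literal instead, `g = string_cat(g, US") reason=x509.auth");`. The expected mailbox files added in this commit only show the `x509.auth="Phil Pennock"` branch, so no test output covers the truncated string. The non-tls branch also still passes `authenticated_id` to string_append without the NULL test the tls branch gets. The `if (set_id)` in the AUTH hunk suggests an authenticator can succeed without setting an id, so the same check belongs there. authres_smtpauth begins outside this hunk.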
acl_smtp_auth = log_call
acl_smtp_mail = check_authd
acl_smtp_rcpt = check_authd
+acl_smtp_data = ar_header
+
queue_only
queue_run_in_order
trusted_users = CALLER
!authenticated = *
accept
+ar_header:
+ accept add_header = :at_start:${authresults {$primary_hostname}}
# ----- Authentication -----
begin routers
-r1:
- driver = accept
- transport = ${if eq {$local_part}{smtps} {t2}{t1}}
+server_r:
+ driver = accept
+ condition = ${if eq {server}{SERVER}}
+ transport = file
+
+client_r1:
+ driver = accept
+ transport = ${if eq {$local_part}{smtps} {t2}{t1}}
# ----- Transports -----
tls_verify_certificates = DIR/aux-fixed/cert1
tls_verify_cert_hostnames = :
+file:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ user = CALLER
+
# End
1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for x@y
1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for smtps@y
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=t1 H=127.0.0.1 [127.0.0.1]:1225 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client_r1 T=t1 H=127.0.0.1 [127.0.0.1]:1225 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => smtps@y R=r1 T=t2 H=127.0.0.1 [127.0.0.1]:1224 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => smtps@y R=client_r1 T=t2 H=127.0.0.1 [127.0.0.1]:1224 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex for x@y
1999-03-02 09:44:33 Auth ACL called, after smtp cmd ""
1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex for smtps@y
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => x <x@y> R=server_r T=file
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 => smtps <smtps@y> R=server_r T=file
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
Authentication-Results: myhost.test.ex;
- auth=pass (plain1) smtp.auth=userx
+ auth=pass (PLAIN) smtp.auth=userx
Received: from CALLER (helo=testing.ex)
by myhost.test.ex with local-esmtpa (Exim x.yz)
(envelope-from <CALLER@myhost.test.ex>)
--- /dev/null
+From ok@test.ex Tue Mar 02 09:44:33 1999
+Authentication-Results: myhost.test.ex;
+ iprev=pass (localhost);
+ auth=pass (tls) x509.auth="Phil Pennock"
+Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
+ by myhost.test.ex with esmtpsa (TLSv1:ke-RSA-AES256-SHA:xxx)
+ (Exim x.yz)
+ (envelope-from <ok@test.ex>)
+ id 10HmbA-0005vi-00
+ for smtps@y; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <ok@test.ex>)
+ id 10HmaY-0005vi-00
+ for smtps@y; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+From: ok@test.ex
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+
--- /dev/null
+From ok@test.ex Tue Mar 02 09:44:33 1999
+Authentication-Results: myhost.test.ex;
+ iprev=pass (localhost);
+ auth=pass (tls) x509.auth="Phil Pennock"
+Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
+ by myhost.test.ex with esmtpsa (TLSv1:ke-RSA-AES256-SHA:xxx)
+ (Exim x.yz)
+ (envelope-from <ok@test.ex>)
+ id 10HmaZ-0005vi-00
+ for x@y; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <ok@test.ex>)
+ id 10HmaX-0005vi-00
+ for x@y; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+From: ok@test.ex
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+
exim -q
****
killdaemon
+exim -DSERVER=server -DNOTDAEMON -q
+****
no_msglog_check