auth.m4: Report the message's authenticated sender at `DATA' time.

[exim-config] / base.m4

diff --git a/base.m4 b/base.m4
index 39e302b..cb0f7a6 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -81,11 +81,16 @@ SECTION(global, smtp)m4_dnl
 smtp_return_error_details = true
 accept_8bitmime = true
 
+SECTION(global, env)m4_dnl
+keep_environment =
+
 SECTION(global, process)m4_dnl
 extract_addresses_remove_arguments = false
 headers_charset = utf-8
 qualify_domain = CONF_master_domain
 untrusted_set_sender = *
+local_from_check = false
+local_sender_retain = true
 
 SECTION(global, bounce)m4_dnl
 delay_warning = 1h : 24h : 2d
@@ -142,6 +147,7 @@ SECTION(acl, misc)m4_dnl
 not_smtp_start:
        ## Record the user's name.
        warn     set acl_c_user = $sender_ident
+                set acl_m_user = $sender_ident
 
        ## Done.
        accept
@@ -160,11 +166,10 @@ mail:
        warn     condition = $acl_c_helo_warning
                !condition = ${if eq{$acl_c_mode}{submission}}
                !hosts = +allnets
-                ADD_HEADER(<:X-CONF_header_token-Warning: \
-                       BADHELO \
-                       Client's HELO doesn't match its IP address.\n\t\
-                       helo-name=$sender_helo_name \
-                       address=$sender_host_address:>)
+                WARNING_HEADER(BADHELO,
+                               <:Client's HELO doesn't match its IP address.\n\t\
+                                 helo-name=$sender_helo_name \
+                                 address=$sender_host_address:>)
 
        ## Always allow the empty sender, so that we can receive bounces.
        accept   senders = :
@@ -308,6 +313,10 @@ mail_check_auth:
        deny     message = Sender not authenticated
                 condition = ${if !def:acl_c_user}
 
+       ## Set the per-message authentication flag, since we now know that
+       ## there's a sensible value.
+       warn     set acl_m_user = $acl_c_user
+
        ## All done.
        accept