X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/ae9744ce099209f94e7a5b73e47d99af7e712163..8afec8982a03946c92b3bde00ac5776fed9bc197:/auth.m4 diff --git a/auth.m4 b/auth.m4 index 93b25c0..817bfd6 100644 --- a/auth.m4 +++ b/auth.m4 @@ -88,18 +88,30 @@ acl_smtp_mailauth = mailauth SECTION(acl, misc)m4_dnl ## Check the `AUTH=...' parameter to a `MAIL' command. mailauth: + ## If the client has authenticated using TLS then we're OK. The ## sender was presumably checked upstream, and we can believe that ## the name has been transmitted honestly. - accept condition = ${if def:tls_peerdn} + accept condition = ${if def:tls_peerdn} + set acl_m_user = ${if match_address{$authenticated_sender} \ + {*@CONF_master_domain} \ + {${local_part:$authenticated_sender}}} ## If this is submission, and the client has authenticated, then we ## check that the name matches the user. - accept condition = ${if eq {$authenticated_sender} \ - {$authenticated_id@CONF_master_domain}} + accept condition = ${if eq {$authenticated_sender} \ + {$authenticated_id@CONF_master_domain}} ## Otherwise we can't tell who really sent it. - deny message = Authenticated user not authoritative for claimed sender. + deny message = Authenticated user not authoritative for claimed sender. + +SECTION(acl, data-hooks)m4_dnl + ## Report the `AUTH=' value, if we have one. This is delayed from + ## the above so that Exim can figure out a queue id. Once it's done + ## so, apparently it reports that automatically, so we don't need to + ## mention `$message_exim_id' explicitly here. + warn condition = ${if def:acl_m_user} + logwrite = AUTH=${quote:$acl_m_user} DIVERT(null) ###----- That's all, folks --------------------------------------------------
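Review bot: The new `set acl_m_user` in `mailauth` copies the client-supplied `AUTH=` address into a variable that the `data-hooks` ACL later logs as an identity, but the only gate on that branch is the existing `def:tls_peerdn` test. That test shows a certificate was presented, not by itself that it verified. If the TLS settings elsewhere in the configuration do not already make verification mandatory for these peers (not visible in this hunk), any host that offers a certificate could put a name of its choosing into the `AUTH=` log line. Consider adding `verify = certificate` (or `condition = ${if eq{$tls_certificate_verified}{1}}`) to that `accept` ahead of the `set`. The submission branch accepts without setting `acl_m_user`, so no `AUTH=` line is written for directly authenticated users; if that is intended, a comment such as `## No AUTH= log here: Exim already records the authenticated id.` would make it explicit.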