base.m4: Pass on authenticated sender properly in `smtp_local'.

  * Use the new `$acl_m_user' variable to identify the sender, if it's
    set; otherwise use the existing authenticated-sender.

  * Force setting `AUTH=...' to the next hop even though we haven't
    explicitly authenticated.  (Actually, we have, using a TLS client
    certificate, but that doesn't seem to count for pushing `AUTH=...'.)

diff --git a/base.m4 b/base.m4
index cb0f7a6..5880582 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -452,9 +452,11 @@ smtp_local:
        tls_require_ciphers = CONF_good_ciphers
        tls_dh_min_bits = 2046
        tls_tempfail_tryclear = false
-       authenticated_sender = ${if def:authenticated_id \
-                                   {$authenticated_id@CONF_master_domain} \
-                                   fail}
+       authenticated_sender_force = true
+       authenticated_sender = \
+               ${if def:acl_m_user {$acl_m_user@CONF_master_domain} \
+                    {${if def:authenticated_sender {$authenticated_sender} \
+                          fail}}}
 
 ## A standard transport for local delivery.
 deliver: