* Use the new `$acl_m_user' variable to identify the sender, if it's
set; otherwise use the existing authenticated-sender.
* Force setting `AUTH=...' to the next hop even though we haven't
explicitly authenticated. (Actually, we have, using a TLS client
certificate, but that doesn't seem to count for pushing `AUTH=...'.)
tls_require_ciphers = CONF_good_ciphers
tls_dh_min_bits = 2046
tls_tempfail_tryclear = false
tls_require_ciphers = CONF_good_ciphers
tls_dh_min_bits = 2046
tls_tempfail_tryclear = false
- authenticated_sender = ${if def:authenticated_id \
- {$authenticated_id@CONF_master_domain} \
- fail}
+ authenticated_sender_force = true
+ authenticated_sender = \
+ ${if def:acl_m_user {$acl_m_user@CONF_master_domain} \
+ {${if def:authenticated_sender {$authenticated_sender} \
+ fail}}}
## A standard transport for local delivery.
deliver:
## A standard transport for local delivery.
deliver:
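Review bot: the fallback branch of the new `authenticated_sender` expands `$authenticated_sender` as-is, whereas the removed lines built the address from `$authenticated_id@CONF_master_domain`, so the fallback value is no longer pinned to the master domain. With `authenticated_sender_force = true` on the same transport, whatever either variable holds is sent to the next hop as `AUTH=`. A config comment above these options should say where `$acl_m_user` is set and that it is only ever derived from a verified identity (the commit message points at the TLS client certificate), and the fallback should either keep the `@CONF_master_domain` qualification or note why the unqualified value is trusted. Note also that `def:acl_m_user` is satisfied by any non-empty string, so the ACL that sets it needs to leave it unset on every path where the certificate check did not pass.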