base.m4: Add an `auth=...' note to the Received header if we're relaying.
author Mark Wooding <mdw@distorted.org.uk>
Thu, 24 Mar 2016 11:01:03 +0000 (11:01 +0000)
committer Mark Wooding <mdw@distorted.org.uk>
Thu, 24 Mar 2016 11:11:33 +0000 (11:11 +0000)
I'd previously resisted doing this, because the full `AUTH=...' notes
I'm passing around look a lot like email addresses and this might
subvert attempts to use extension addresses or the odin forwarder.  But
it seems a shame to lose this information.

Compromise: report the sender, as a bare user-name, only if the
domain-part is us.  This will, at worst, repeat the user name from the
sending MTA, which told us what it was either as the origin for a local
sender, or the authenticated user name from SMTP authentication or
identd (for submission to localhost).

base.m4

diff --git a/base.m4 b/base.m4
index eeb5fdb..25328e7 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -73,7 +73,13 @@ received_header_text = Received: \
        ${if def:sender_address \
             {(envelope-from $sender_address\
              ${if def:authenticated_id \
-                  {; auth=${quote_local_part:$authenticated_id}}})\n\t}}\
+                  {; auth=${quote_local_part:$authenticated_id}} \
+                  {${if and {{def:authenticated_sender} \
+                             {match_address{$authenticated_sender} \
+                                           {*@CONF_master_domain}}} \
+                        {; auth=${quote_local_part:\
+                                   ${local_part:\
+                                     $authenticated_sender}}}}}})\n\t}}\
        id $message_exim_id\
        ${if def:received_for {\n\tfor $received_for}}
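Review bot: The new else-branch (`{; auth=${quote_local_part:${local_part:$authenticated_sender}}}`) reuses the same `auth=` key as the `$authenticated_id` branch, so anyone reading the Received header later cannot tell a user this host authenticated itself from a name the sending MTA merely passed along. Per the commit message, the second case repeats whatever the upstream MTA told us, which is a weaker assertion. A distinct key for the relayed case would keep that provenance visible for log analysis and incident response. Separately, the reason for the `match_address ... {*@CONF_master_domain}` restriction and for stripping the domain (avoiding values that look like email addresses) is recorded only in the commit message. A short comment above `received_header_text` would stop a later editor from "simplifying" the condition and reintroducing full addresses into the header.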