If we're relaying mail, and believing `AUTH=...' notes on `MAIL' lines,
then (a) we might be given several messages during a session, and (b)
they will in general have different `AUTH=...' notes, or none at all.
If we want to report the authenticated sender of a message, then, it's
important to track this information separately for each message.
Therefore, introduce `$acl_m_user', as a per-message counterpart to
`$acl_c_user'. It gets set the same as `$acl_c_user' for non-SMTP
messages (where there can only be one) and after we've just checked a
submitter, in `mail_auth_check'; but it also gets set from
`$authenticated_sender' in the `mailauth' ACL.
## sender was presumably checked upstream, and we can believe that
## the name has been transmitted honestly.
accept condition = ${if def:tls_peerdn}
+ set acl_m_user = ${if match_address{$authenticated_sender} \
+ {*@CONF_master_domain} \
+ {${local_part:$authenticated_sender}}}
## If this is submission, and the client has authenticated, then we
## check that the name matches the user.
not_smtp_start:
## Record the user's name.
warn set acl_c_user = $sender_ident
+ set acl_m_user = $sender_ident
## Done.
accept
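Review bot: the `set acl_m_user = ${if match_address{$authenticated_sender} ...` line under `accept condition = ${if def:tls_peerdn}` records only the local part, and only when `$authenticated_sender` lies in `CONF_master_domain`; for any other address (or an empty one, when no `AUTH=` was given) the `${if ...}` has no false branch, so `acl_m_user` is set to the empty string, which a later `def:acl_m_user` test reads as unset. That narrowing is not mentioned in the commit message, which says the variable "gets set from `$authenticated_sender`"; either the message or the `##` comment above the line should say that only master-domain local parts are kept. The placement after `condition` is presumably deliberate (the `set` then runs only when the TLS peer DN is present), and a one-line comment saying so would stop someone reordering it. In the `not_smtp_start` block, `set acl_m_user = $sender_ident` repeats the expression just stored in `acl_c_user`; `set acl_m_user = $acl_c_user` would keep the two variables in step if the source expression ever changes.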
deny message = Sender not authenticated
condition = ${if !def:acl_c_user}
+ ## Set the per-message authentication flag, since we now know that
+ ## there's a sensible value.
+ warn set acl_m_user = $acl_c_user
+
## All done.
accept
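Review bot: the comment "Set the per-message authentication flag" is misleading for `warn set acl_m_user = $acl_c_user`, which copies a user name, not a boolean; suggest "Record the per-message authenticated user, now that the deny above guarantees acl_c_user is set." The ordering is otherwise sound: the preceding `deny ... condition = ${if !def:acl_c_user}` ensures the copy only happens with a non-empty value, so a bare `warn` with no condition of its own is appropriate here.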