From: Mark Wooding Date: Thu, 24 Mar 2016 10:48:56 +0000 (+0000) Subject: base.m4, auth.m4: Track a per-message authenticated user. X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/commitdiff_plain/e90159689acef685dd341342f4697774a51c6a64 base.m4, auth.m4: Track a per-message authenticated user. If we're relaying mail, and believing `AUTH=...' notes on `MAIL' lines, then (a) we might be given several messages during a session, and (b) they will in general have different `AUTH=...' notes, or none at all. If we want to report the authenticated sender of a message, then, it's important to track this information separately for each message. Therefore, introduce `$acl_m_user', as a per-message counterpart to `$acl_c_user'. It gets set the same as `$acl_c_user' for non-SMTP messages (where there can only be one) and after we've just checked a submitter, in `mail_auth_check'; but it also gets set from `$authenticated_sender' in the `mailauth' ACL. --- diff --git a/auth.m4 b/auth.m4 index 019623d..04e1a07 100644 --- a/auth.m4 +++ b/auth.m4 @@ -93,6 +93,9 @@ mailauth: ## sender was presumably checked upstream, and we can believe that ## the name has been transmitted honestly. accept condition = ${if def:tls_peerdn} + set acl_m_user = ${if match_address{$authenticated_sender} \ + {*@CONF_master_domain} \ + {${local_part:$authenticated_sender}}} ## If this is submission, and the client has authenticated, then we ## check that the name matches the user. diff --git a/base.m4 b/base.m4 index a00757e..cb0f7a6 100644 --- a/base.m4 +++ b/base.m4 @@ -147,6 +147,7 @@ SECTION(acl, misc)m4_dnl not_smtp_start: ## Record the user's name. warn set acl_c_user = $sender_ident + set acl_m_user = $sender_ident ## Done. accept 
@@ -312,6 +313,10 @@ mail_check_auth: deny message = Sender not authenticated condition = ${if !def:acl_c_user} + ## Set the per-message authentication flag, since we now know that + ## there's a sensible value. + warn set acl_m_user = $acl_c_user + ## All done. accept
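Review bot: In the `mailauth` hunk of auth.m4, the added `${if match_address{$authenticated_sender} ...}` has no else string, so when the `AUTH=` address is absent or outside `*@CONF_master_domain` the expansion is empty and `acl_m_user` is set to the empty string while the `accept` still succeeds. If that is intended, say so in a comment above the new `set`, which currently has none. The same comment should record that the only visible gate on trusting `$authenticated_sender` here is `def:tls_peerdn`, since this value is what later gets reported as the authenticated sender of the message.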
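Review bot: In the `not_smtp_start` hunk of base.m4, the new line repeats `$sender_ident` instead of copying the connection-level variable. Writing `set acl_m_user = $acl_c_user`, as the `mail_check_auth` hunk does, would keep the two values from drifting apart if the first assignment is ever changed.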
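Review bot: In the `mail_check_auth` hunk of base.m4, the new comment calls `acl_m_user` a "per-message authentication flag", but the variable holds a user name copied from `$acl_c_user`; rewording it to "per-message authenticated user" would match the commit subject. The `warn set` is also unconditional, so it replaces whatever `mailauth` stored from `$authenticated_sender` if both ACLs run for the same message; a comment stating which value should win would help. The commit message names this ACL `mail_auth_check`, while the hunk header shows `mail_check_auth`.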