From 8fa6a8430272f7c9f56f409f6ab9abf1a4ec4b26 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 24 Mar 2016 11:01:03 +0000
Subject: [PATCH] base.m4: Add an `auth=...' note to the Received header if
 we're relaying.

I'd previously resisted doing this, because the full `AUTH=...' notes
I'm passing around look a lot like email addresses and this might
subvert attempts to use extension addresses or the odin forwarder.  But
it seems a shame to lose this information.

Compromise: report the sender, as a bare user-name, only if the
domain-part is us.  This will, at worst, repeat the user name from the
sending MTA, which told us what it was either as the origin for a local
sender, or the authenticated user name from SMTP authentication or
identd (for submission to localhost).
---
 base.m4 | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/base.m4 b/base.m4
index eeb5fdb..25328e7 100644
--- a/base.m4
+++ b/base.m4
@@ -73,7 +73,13 @@ received_header_text = Received: \
 	${if def:sender_address \
 	     {(envelope-from $sender_address\
 	      ${if def:authenticated_id \
-		   {; auth=${quote_local_part:$authenticated_id}}})\n\t}}\
+		   {; auth=${quote_local_part:$authenticated_id}} \
+		   {${if and {{def:authenticated_sender} \
+			      {match_address{$authenticated_sender} \
+					    {*@CONF_master_domain}}} \
+			 {; auth=${quote_local_part:\
+				    ${local_part:\
+				      $authenticated_sender}}}}}})\n\t}}\
 	id $message_exim_id\
 	${if def:received_for {\n\tfor $received_for}}
 
-- 
2.11.0