> Make that the userdbpw man page. Instructions followed, correct field initialized with an hmac-md5 for a password, and AUTH CRAM-MD5 now works perfectly! Mercy buckets!
Next goal: arrange things so that user-specific rcptfilter scripts can detect that mail came from an authorized relay, and return 0 to whitelist the sender. This would go a long way towards easing the "you are not whitelisted" problem for authenticated SMTP clients. In looking through the source code and documentation, I can't see a good way to allow the rcptfilter script access to the "knowledge" that a message arrived from some sort of authorized or authenticated origin. The AUTH user ID doesn't seem to be passed in. The only possible route I could see, was one of setting the RELAYCLIENT environment variable, since this *is* passed to the scripts. This variable is settable from the smtpaccess file (for pre-authorized IP addresses), and can be set for connections which AUTH by making use of the (undocumented?) feature which copies the AUTHRELAYCLIENT environment variable to RELAYCLIENT if you successfully AUTHenticate. Unfortunately, this doesn't work either, for a combination of reasons: - Simply setting RELAYCLIENT to an empty string doesn't work, because maildrop's "import" statement automatically sets an imported variable to "" if no such environment variable exist. No way to tell the difference from the script, as far as I can tell. - Setting RELAYCLIENT to a nonempty string in smtpaccess, and setting AUTHRELAYCLIENT to a nonempty string in the esmtpd config file, doesn't work either, due to a side effect I had not expected. It appears that couriersmtpd.c automatically appends the contents of RELAYCLIENT to each recipient address for some reason, even if the address consists of a complete "[EMAIL PROTECTED]". I can't figure out why it's doing this (it's undocumented?) except possibly for compatibility with qmail (which is documented to behave this way, but I can't really figure out why *it* did so!). I suppose I could work around maildrop's inability to distinguish an absent RELAYCLIENT from a null-string RELAYCLIENT by shelling out (e.g.) FOO=`printenv | grep RELAYCLIENT` but that seems a trifle inelegant :-( Any suggestion as to a better way to let the rcptfilter know that a message came from a user who successfully AUTHenticated? And, does anybody actually use that feature which causes RELAYCLIENT to be appended to every recipient address? ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
