Matthew Via:
> On 15:43 Wed 28 Jan , Wietse Venema wrote:
> > That is, if the SASL client was activated then we update it,
> > and otherwise we don't bother (don't wake up sleeping dogs).
>
> Okay. I'll use the way you have it, do you want me to resubmit that?
It's included with Postfix 2.12 (or 3.0, when I get around to it).
> XCLIENT doesn't appear to have a way to say if the client connection is
> secured or not. If that existed, I suppose it could use that instead,
> but otherwise I can't see that there is a solution here. With no
> alternative, it makes sense to me to trust the sysadmins setting up the
> proxy architecture. Do you have any other ideas?
XCLIENT has feature-creeped over time, and I suppose after AUTH we
can also add something for TLS. Unfortunately there are multiple
TLS properties that Postfix may use for access control, and those
would have to be proxied.
Wietse
