* Wietse Venema <postfix-devel@postfix.org>: > Matthew Via: > > On 15:43 Wed 28 Jan , Wietse Venema wrote: > > > That is, if the SASL client was activated then we update it, > > > and otherwise we don't bother (don't wake up sleeping dogs). > > > > Okay. I'll use the way you have it, do you want me to resubmit that? > > It's included with Postfix 2.12 (or 3.0, when I get around to it). > > > XCLIENT doesn't appear to have a way to say if the client connection is > > secured or not. If that existed, I suppose it could use that instead, > > but otherwise I can't see that there is a solution here. With no > > alternative, it makes sense to me to trust the sysadmins setting up the > > proxy architecture. Do you have any other ideas? > > XCLIENT has feature-creeped over time, and I suppose after AUTH we > can also add something for TLS. Unfortunately there are multiple > TLS properties that Postfix may use for access control, and those > would have to be proxied.
+1 XCLIENT is great for testing/dry runs. Ideally we could test any combination of (connection and) session filters through XLCIENT. I haven't given this careful thought yet, but I think it would be worth to find out how far we could get. -- Patrick Ben Koetter p...@state-of-mind.de
