jeff geng:
> Wietse:
> Please see my reply marked as blue.
> :)
>
> jeff geng
>
> 2010/1/5 Wietse Venema <wie...@porcupine.org>
>
> > jeff geng:
> > > Wietse:
> > >
> > > Happy new year :)
> > >
> > > We use niginx's smtp function to redirect mail to postfix server. But in
> > > postfix, XCLIENT command can't support the LOGIN paremeter.
> > > Severial months ago, I write a patch for postfix-2.5.3. Now nginx
> > official
> > > website also supply a patch for this situation as followed:
> > > http://www.citrin.ru/nginx:xclient-login-patch. In additional, my patch
> > also
> > > support xforward function.
> > >
> > > We will be very grateful to you if you can accept these patch (nginx
> > > official patch or our patch). Of course, you'd better add this function
> > to
> > > your new version.
> > > After that We can use new version directly, other than patch the original
> > > source manually.
> >
> > Can you explain the following:
> >
> > + int got_login =0;
> > ...
> > + got_login = 1;
> >
> > Why is the got_login variable introduced? It is a write-only variable.
> >
>
> We introduce got_login is for the same reason as got_helo and got_proto.It
> means postfix has got login information from client, and postfix should save
> the username and password from XCLIENT.
Your patch is no code that reads the got_login variable. This
this is a "dead" assignment.
> > #ifdef USE_SASL_AUTH
> > if (var_smtpd_sasl_enable)
> > ! if (got_proto == 0)
> > ! smtpd_sasl_auth_reset(state);
> > #endif
> >
> > Why test for the PROTO attribute here? What happens when the client
> > sends LOGIN=username before PROTO=SMTP? As documented XCLIENT does
> > not require that attributes are sent in a specific order.
> >
> >
> This is my mistake. It should be if (got_login == 0 &&
> ar_smtpd_sasl_enable(state)) . It means if postfix can't get login
This explains why you had a variable that was written to but that
was never read.
> > + UPDATE_STR(state->sasl_username, attr_value);
> > + printable(state->sasl_username, '?');
> > + UPDATE_STR(state->sasl_method, "xclient");
> >
> > Why not use the real authentication mechanism?
> >
>
> Otherwise, if XCLIENT pass LOGIN parameter, state->sasl_username and
> state->sasl_method will be updated, postfix will deem it as an authenticated
> client.
> So , if nginx pass through LOGIN parameter, postfix should identify it as a
> authenticated client, but postix XCLIENT can't support this parameter.
XCLIENT can support both the login name and the authentication
method name, and therefore nginx should pass both to Postfix.
Wietse
PS I don't use a web browser to read mail, so there is no need to
color your responses.
