> The default relaying setting is based on IP, which is part of the
> connection. But is AUTH part of the connection or part of the
> transaction?
After SMTP AUTH has been completed successfully, the client becomes an
relayclient of the rest of the connection. Currently we do this by
setting $ENV{RELAYCLIENT}. Same is true for allowing relaying by IP
(is connection) or by other means like for example my pop-before-smtp
solution (qppoprelay plugin).
I can only imagine very rare occasions when the right to relay is
bound only to the transaction. One example might be a plugins which
allows relaying for specific mail from senders (which is nowadays
a bad idea).
But as there might be other plugins which decide the relaying on a
mail-by-mail approach i suggest following my approach with both a
relaying flag for the whole session, as well a relaying flag for an
individual transaction (which will automatically be set when
the global session relaying flag is set). This makes it possible
to handle both cases.
-kju
--
It's an insane world, but i'm proud to be a part of it. -- Bill Hicks