Jason McIntyre wrote, On 05/15/14 13:54:
>the man page states that:
>
>  Both auth and auth-optional accept an optional table as a
>  parameter.  When provided, credentials are looked up in this
>  table.
>
>but reading the new smtpd.conf(5) gives the impression that authtable is
>mandatory. I haven't checked the code but the following passes a check
>with smtpd -n
>
>   listen on iwn0 tls auth
>   listen on em0 tls auth-optional
>
>so it seems to be a valid syntax.
>
it's why i added the word "optional" to the description. the syntax
[<table>] is really ugly, and is hard to understand.

we could do it, but i don't want to. sometimes it's better to sacrifice
being a million percent correct for clarity.

The syntax may be ugly, but the vagueness for a novice such as myself is confusing. I wasted an hour with this exact issue the other day. I was looking for the problem in all the wrong places. I thought my certs were bad, my "pki" declaration was wrong, my email client was misconfigured. Finally, I decided to try "<>" around my table name. Voilà!

The documentation is inconsistent and that's what threw me off.

In smtpd.conf(5) on OpenBSD 5.5 for example, the "listen on" directive has the option "auth authtable" where the angle brackets are implied. But the "accept | reject" directive has the option "for [!] domain <domains> [alias <aliases>]" where the angle brackets are explicit.

It should be exclusively one way or the other. If [<table>] is too ugly, then suffix all table place holders with "table". So for example, the "accept | reject" directive I mentioned above would become "for [!] domain domaintable [alias aliastable]". Then make a note that all place holders/variables must be enclosed by angle brackets.

Personally, I don't like that solution. I think being explicit with the syntax is the correct solution. It doesn't matter if it is ugly; it's the syntax that smtpd uses so it should be documented as such.

