Submission: track authenticated_user

ismael.tanguy at univ-brest.fr ismael.tanguy at univ-brest.fr
Thu Nov 10 11:08:34 UTC 2022 

Sorry for the noise.

Allowing dovecot server on the postfix relayhost 
(https://www.postfix.org/postconf.5.html#smtpd_authorized_xclient_hosts) 
permit to retrieve sasl_username in the log :

Nov 10 10:53:13 relayhost postfix/smtpd[2749948]: 834AE3F8AD: client=dovecot-submission[0.0.0.0], sasl_method=XCLIENT,sasl_username=submitter at example.com

I'm wondering if this sasl_username can now be retrieved by a milter.

But it's outside of the list.


Le 10/11/2022 à 11:56, itanguy at univ-brest.fr a écrit :
>
> Hello,
>
> We would like to use Dovecot Submission to have less queues to maintain.
> The relayhost (Postfix) after Dovecot routes mail by sender_map, so 
> authenticated user, not the "mail from" because .
>
> For what we've seen, we can't use receive header to retrieve this 
> authenticated_user.
>
> Example of header :
>
>      Received: from mailhost ([0.0.0.0])
>      by submission.host with ESMTPSA
>      id submission-id
>      (envelope-from<myadress at example.com>)
>      for<myadress at example.com>; Thu, 9 Nov 2022 08:27:41 +0000
>
> So we've thought to use X-client, but reading the doc seems that's not 
> the a good way :
> /https://doc.dovecot.org/settings/core//
>
>     - submission_relay_trusted         
>          If enabled, the relay server is trusted.
>          Determines whether we try to send (Postfix-specific) XCLIENT data to the
>          relay server (only if enabled).
>
> But, XCLIENT for Submission seems to not transfer LOGIN :
> /https://doc.dovecot.org/settings/core/
> /
>      XCLIENT command can be used to override:
>          Session ID
>          Client IP and port (|%{rip}|,|%{rport}|)
>          HELO - Overrides what the client sent earlier in the EHLO command
>          LOGIN - Currently unused
>          PROTO - Currently unused
>
>     |forward_*|  fields can be sent to auth process’s passdb lookup
>
>     The trust is always checked against the connecting IP address.
>     Except if HAProxy is used, then the original client IP address is used.
>
> Do you know another way to inform the relayhost of submission of the 
> authenticated_user?
>
> Thanks
>
> Ismaël TANGUY 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20221110/419b8ff4/attachment.htm>

More information about the dovecot mailing list