Sorry for the noise.
Allowing dovecot server on the postfix relayhost (https://www.postfix.org/postconf.5.html#smtpd_authorized_xclient_hosts) permit to retrieve sasl_username in the log :
Nov 10 10:53:13 relayhost postfix/smtpd[2749948]: 834AE3F8AD: client=dovecot-submission[0.0.0.0], sasl_method=XCLIENT,sasl_username=submitter@example.com
I'm wondering if this sasl_username can now be retrieved by a milter.
But it's outside of the list.
Le 10/11/2022 à 11:56, itanguy@univ-brest.fr a écrit :
Hello,
We would like to use Dovecot Submission to have less queues to maintain. The relayhost (Postfix) after Dovecot routes mail by sender_map, so authenticated user, not the "mail from" because .
For what we've seen, we can't use receive header to retrieve this authenticated_user.
Example of header :
Received: from mailhost ([0.0.0.0]) by submission.host with ESMTPSA id submission-id (envelope-from<myadress@example.com>) for<myadress@example.com>; Thu, 9 Nov 2022 08:27:41 +0000
So we've thought to use X-client, but reading the doc seems that's not the a good way : /https://doc.dovecot.org/settings/core//
- submission_relay_trusted If enabled, the relay server is trusted. Determines whether we try to send (Postfix-specific) XCLIENT data to the relay server (only if enabled).
But, XCLIENT for Submission seems to not transfer LOGIN : /https://doc.dovecot.org/settings/core/ / XCLIENT command can be used to override: Session ID Client IP and port (|%{rip}|,|%{rport}|) HELO - Overrides what the client sent earlier in the EHLO command LOGIN - Currently unused PROTO - Currently unused
|forward_*| fields can be sent to auth process’s passdb lookup The trust is always checked against the connecting IP address. Except if HAProxy is used, then the original client IP address is used.
Do you know another way to inform the relayhost of submission of the authenticated_user?
Thanks
Ismaël TANGUY