At 03:53 PM 3/18/2008, you wrote:
Wietse Venema wrote: > There is no reason why this can't be implemented, but I want to > avoid chaos in Postfix. So I don't want to keep adding more and > more ad-hoc parameters to the Postfix-to-SASL library interface. > > This interface is also used by Cyrus SASL and may be used for other > non-Cyrus implementations later. Changes to this API should be > carefully designed.Alex: > I understand. It's have to wait unless it can really be necessary for > more users and could be part of 'official' API. > I wrote about it as "for not near future" wish. As for 'some day'. In the case of the Postfix TLS library we ran into a similar problem, when APIs kept growing with more and more function call parameters. To maintain some level of elegance I introduced function calls with named parameters: TLS_SERVER_START(...stuff..., ctx = smtpd_tls_ctx, stream = state->client, log_level = var_smtpd_tls_loglevel, timeout = var_smtpd_starttls_tmout, ...more stuff...); C does not have named parameter lists, but they can be emulated with a little bit of C preprocessor fu. This looks like a usable approach for extending the Postfix-to-SASL library interface. Another approach is using a call-back function that queries Postfix for specific information. This is the approach taken with the Postfix Milter client, but it is probably over-kill for SASL. Wietse
I'll throw my request in for this feature to be prioritized. We're using SMTP AUTH in postfix, querying the dovecot auth socket which works well; however, in our virtual hosted environment it requires that customers login with their full email address. Great in practice, but impractical when a hosting account moves over and has 300, or 3000 subscribers all using username only authentication. In that case, with dovecot currently the query is written to compare full email (if exists to the database) and if not, it compares the local_ip value of the connection to the database to do a domain match so the full domain is not required and then concatenates the domain which was just looked up by local_ip to the username for a full match.
As the dovecot auth socket does not receive the local_ip information from postfix currently, this is not an option. It would help us out a lot if this feature were in there.
I noticed somebody wrote a patch for postfix-2.3.8. I'm not a C programmer myself, so I'm not sure of it's quality or if this code could be used or committed to the postfix source tree. Found at http://preview.tinyurl.com/b87z44
- Nathan
