Wietse:

Please see my reply marked as blue. :)

jeff geng
2010/1/5 Wietse Venema <wie...@porcupine.org>

> jeff geng:
> > Wietse:
> >
> > Happy new year :)
> >
> > We use nginx's smtp function to redirect mail to postfix server. But in
> > postfix, XCLIENT command can't support the LOGIN parameter.
> > Several months ago, I wrote a patch for postfix-2.5.3. Now nginx official
> > website also supplies a patch for this situation as follows:
> > http://www.citrin.ru/nginx:xclient-login-patch. In addition, my patch also
> > supports xforward function.
> >
> > We will be very grateful to you if you can accept these patches (nginx
> > official patch or our patch). Of course, you'd better add this function to
> > your new version.
> > After that we can use the new version directly, rather than patching the
> > original source manually.
>
> Can you explain the following:
>
> + int got_login =0;
> ...
> + got_login = 1;
>
> Why is the got_login variable introduced? It is a write-only variable.
>

We introduce got_login for the same reason as got_helo and got_proto. It means postfix has got login information from the client, and postfix should save the username and password from XCLIENT.

> #ifdef USE_SASL_AUTH
> if (var_smtpd_sasl_enable)
> ! if (got_proto == 0)
> ! smtpd_sasl_auth_reset(state);
> #endif
>
> Why test for the PROTO attribute here? What happens when the client
> sends LOGIN=username before PROTO=SMTP? As documented XCLIENT does
> not require that attributes are sent in a specific order.
>

This is my mistake. It should be if (got_login == 0 && ar_smtpd_sasl_enable(state)) . It means if postfix can't get login information from XCLIENT, postfix will invoke smtpd_sasl_auth_reset to clean up state->sasl_username and state->sasl_method. After that, if the user wants to authenticate, he will authenticate through auth login.

> + UPDATE_STR(state->sasl_username, attr_value);
> + printable(state->sasl_username, '?');
> + UPDATE_STR(state->sasl_method, "xclient");
>
> Why not use the real authentication mechanism?
>

Otherwise, if XCLIENT passes the LOGIN parameter, state->sasl_username and state->sasl_method will be updated, and postfix will deem it an authenticated client. So, if nginx passes through the LOGIN parameter, postfix should identify it as an authenticated client, but postfix XCLIENT can't support this parameter.
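
Review bot: In the USE_SASL_AUTH hunk, the two `!` lines make smtpd_sasl_auth_reset(state) conditional on got_proto == 0, so any XCLIENT command that carries PROTO skips the reset and keeps whatever SASL state the session already held, whether or not a LOGIN attribute was sent. Key the reset on the LOGIN attribute rather than on PROTO, and take the decision only after every attribute of the command has been parsed, so the outcome does not depend on attribute order.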
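
Review bot: In the UPDATE_STR hunk, printable(state->sasl_username, '?') rewrites unprintable bytes after the value has already been stored, so distinct LOGIN values can collapse to the same recorded username; validate attr_value before the first UPDATE_STR and reject the command with an error reply instead of rewriting it. The visible lines also show no check for an empty attr_value, and the fixed "xclient" string in state->sasl_method hides which mechanism the proxy actually used, so it deserves a comment or a separate attribute for the real mechanism.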
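
The order-independence point raised in this thread, as an added example that is not part of the original messages and is not Postfix or nginx code: all attributes are collected first, and the authentication state is reset or replaced once at the end. The `session` struct, `apply_xclient` and the simplified space-separated argument syntax are assumptions for illustration.

```c
#include <string.h>

enum { USER_LEN = 64 };

/* Hypothetical session state; names are illustrative, not Postfix's own struct. */
struct session {
    char sasl_username[USER_LEN];
    char sasl_method[16];
};

/* Apply a simplified "NAME=value NAME=value" XCLIENT argument string.
 * Returns 0 on success, -1 if the command is rejected (state untouched). */
int apply_xclient(struct session *s, const char *args)
{
    char buf[256], login[USER_LEN] = "";
    char *tok, *next;
    int got_login = 0;

    if (strlen(args) >= sizeof(buf))
        return -1;
    strcpy(buf, args);

    /* Pass 1: collect and validate every attribute; change nothing yet. */
    for (tok = buf; *tok; tok = next) {
        char *end = tok + strcspn(tok, " ");
        char *val;
        next = *end ? end + 1 : end;
        *end = '\0';
        val = strchr(tok, '=');
        if (val == NULL || val == tok)
            return -1;                      /* malformed attribute */
        *val++ = '\0';
        if (strcmp(tok, "LOGIN") != 0)
            continue;                       /* PROTO, HELO, ... ignored here */
        if (strcmp(val, "[UNAVAILABLE]") == 0)
            continue;                       /* placeholder: no login supplied */
        if (*val == '\0' || strlen(val) >= sizeof(login))
            return -1;
        for (const unsigned char *p = (const unsigned char *)val; *p; p++)
            if (*p < 0x21 || *p > 0x7e)
                return -1;                  /* reject, do not rewrite to '?' */
        strcpy(login, val);
        got_login = 1;
    }

    /* Pass 2: one decision, independent of attribute order. */
    s->sasl_username[0] = s->sasl_method[0] = '\0';
    if (got_login) {
        strcpy(s->sasl_username, login);
        strcpy(s->sasl_method, "xclient");  /* label used in the quoted patch */
    }
    return 0;
}
```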