Nathan Coulson:
> In testing, we were seeing the following results:
>
> smtpd_tls_security_level=may
> AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=1.6.0.5#011rip=1.6.41.1#011resp=
>
> smtpd_tls_security_level=encrypt
> AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=1.6.0.5#011rip=1.6.41.1#011secured#011resp=
>
> The secured flag is only set when the level is set to encrypt. I would
> expect it to be set for any client that connects via TLS.

No, the secured flag is set when the client requests STARTTLS.

    Wietse

    /*
     * Set up a new server context for this connection.
     */
#ifdef USE_TLS
    tls_flag = state->tls_context != 0;
#else
    tls_flag = 0;
#endif
...
    if ((state->sasl_server =
         XSASL_SERVER_CREATE(smtpd_sasl_impl, &create_args,
                             stream = state->client,
                             server_addr = (state->dest_addr ?
                                            state->dest_addr : ""),
                             client_addr = ADDR_OR_EMPTY(state->addr,
                                                         CLIENT_ADDR_UNKNOWN),
                             service = var_smtpd_sasl_service,
                             user_realm = REALM_OR_NULL(var_smtpd_sasl_realm),
                             security_options = sasl_opts_val,
                             tls_flag = tls_flag)) == 0)
        msg_fatal("SASL per-connection initialization failed");
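
For auditing logs like the ones quoted in this thread, the following added example (not part of the original messages, and not Postfix or Dovecot code) decodes the `#011` tab escapes and reports password-bearing AUTH requests that lack the `secured` flag. The function names are hypothetical, and it assumes rsyslog-style `#NNN` octal escaping and the tab-separated AUTH layout seen in the quoted lines.

```python
import re

# Syslog daemons such as rsyslog escape control characters as '#' plus three
# octal digits, which is why the tab-separated fields appear joined by "#011".
_OCTAL_ESCAPE = re.compile(r"#([0-7]{3})")

# Mechanisms that carry the password itself in the SASL response.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def decode_syslog_escapes(line):
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), line)


def parse_auth_request(line):
    """Parse one logged AUTH request into a dict, or return None."""
    text = decode_syslog_escapes(line.strip())
    start = text.find("AUTH\t")          # skip any log prefix before the request
    if start < 0:
        return None
    fields = text[start:].split("\t")
    if len(fields) < 3:
        return None
    params, flags = {}, set()
    for field in fields[3:]:
        key, sep, value = field.partition("=")   # base64 '=' padding stays in value
        if sep:
            params[key] = value
        else:
            flags.add(key)                       # bare flags: nologin, secured
    return {"id": fields[1], "mech": fields[2].upper(),
            "params": params, "flags": flags}


def plaintext_without_tls(lines):
    """Return (rip, mech) for each password-bearing AUTH lacking 'secured'."""
    findings = []
    for line in lines:
        req = parse_auth_request(line)
        if req and req["mech"] in PLAINTEXT_MECHS and "secured" not in req["flags"]:
            findings.append((req["params"].get("rip", "?"), req["mech"]))
    return findings


# The two lines quoted in the thread, plus one constructed non-AUTH line.
SAMPLE = [
    "AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=1.6.0.5#011rip=1.6.41.1#011resp=",
    "AUTH#0111#011PLAIN#011service=smtp#011nologin#011lip=1.6.0.5#011rip=1.6.41.1#011secured#011resp=",
    "VERSION#0111#0111",
]
```
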