Viktor Dukhovni:
> On Wed, Nov 13, 2019 at 03:14:36AM +0100, J?n Lalinsk? wrote:
>
> > Thanks for the insights. However, I am optimistic that for smtp sessions
> > this can be made to (mostly) work, because the check for UID of the
> > process holding the client port can be done some time after SMTP
> > commands have been received by Postfix, at which point the connection is
> > already established.
>
> It may work for you, but my experience with Firefox showed that
> visibility of the peer uid could be noticeably delayed beyond
> connection setup. In any case, there are potentially both reliability
> and portability roadblocks do adding built-in support for this in
> Postfix.
Implementations of the IDENT protocol (RFC 931) have been around
for decennia.
> > If this works, the next question would be, is it possible to pass the
> > UID to Postfix as well and use that UID in Postfix config to alter its
> > behaviour when processing the email? For example, the UID should be
> > logged next to email ID to /var/log/maillog.
>
> You can add a header (PREPEND action), and perhaps some milter might
> then be able to react to that header. Don't recall whether PREPEND
> is available as an action in front of pre-queue proxy filters.
Indeed, PREPEND is an access map action, therefore available for
the policy protocol.
Wietse
