FreeBSD is carrying a local patch to Exim, adding XCLIENT support. The ticket requesting its addition is at: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=133891 and there's no indication given there about why this was aimed directly at one OS's packaging, rather than at upstream.
The feature documentation is: http://www.postfix.org/XCLIENT_README.html The patch can be found at: https://github.com/freebsd/freebsd-ports/blob/master/mail/exim/files/extra-patch-xclient This should probably be considered as a parallel to the proxy protocol support which we have. Aside from security review, the biggest issue is likely to be that the patch wasn't given to us and is currently a standalone work without a license statement, so we'd need to chase down the original author and ask about permission to include as part of Exim, under GPL. In 2008 there was discussion on exim-users, subject "XCLIENT supported by exim?"; Nigel summarized the state as zero previous discussion, no patches, so no apparent interest. The tone of the response I see was generally "oh that's a Postfix thing, we just connect Exim directly to the Internet without anything in front of it". One of the last posts referenced an existing patch by Vsevolod Stakhov: http://cebka.pp.ru/blog/2007/12/xclient-exim.html http://cebka.pp.ru/blog/patch-exim-xclient but there's no longer any DNS for that host; however, the initial report in the FreeBSD PR #133891 referenced <http://cebka.pp.ru/blog/2009/01/-eximxclient.html> so it seems that the history of this patch in FreeBSD traces back to then, even though the FreeBSD patch has been maintained as it's patched for more recent Exim releases. I think that the biggest problem is that most postmaster folks back then didn't see the benefit of siting an Exim behind a front-end proxy, especially since this was presented as a security proxy adding features, where all the features _could_ be done in Exim already. Since then, with the widening spread of protocol-generic front-end loadbalancers, we've seen the haproxy Proxy Protocol take off, the approach of setting normally-from-getsockopt vars based upon remote data _if_ the connecting host passes an ACL has been validated and seen not to be a security issue (well, unless someone allows the extension from the open Internet, instead of just from the local trusted proxies) and I think that this is _much_ less controversial. It looks like the "Vsevolod Stakhov" from the original report is probably the gentleman by that name now at the University of Cambridge (oh, it's the same guy who did the cool libucl config library stuff, that's why the name was familiar :) ). On this basis, I'm going to explicitly CC Tony, also at UoC who could perhaps chat with Vsevolod, and the address found on <https://github.com/vstakhov>. Guys, okay to pull this patch into Exim? -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
