Andre Nathan:
> On Tue, 2012-08-14 at 11:53 -0400, Wietse Venema wrote:
> > The scheduler API (actually a protocol) would then receive requests
> > containing (sender, recipients) and it would reply with one or more
> > (sender, transport, nexthop, recipients) responses. The scheduler
> > would append these to its per-transport-per-destination queues.
> 
> This would be great! I think the only thing missing in the reply is a
> field indicating whether the sender is SASL-authenticated, so that one
> can differentiate between an outgoing message sent by a local user and a
> redirect.

That would be a mistake. 

First, an MTA can require SASL authentication for email that isn't
an original submission. Second, an MTA can authenticate clients via
means other than SASL. Third, mail submitted with the Postfix
sendmail command can be an original submission, or it can be a relay
submission after a content filter. An SRS tool should handle these
scenarios correctly or else there will be problems.

Finally, Postfix does not have a "this is forwarded/relayed mail"
field in the queue file, because nothing inside Postfix cares about
such things. Only the SMTP daemon has a notion of "final destination"
that everyone can send mail to, while all other destinations require
some form of additional client authorization.

If I am not mistaken, a sender needs to be SRS-munged when both the
sender and the final recipient are remote for some definition of
"remote". Also, if the sender address is not "remote" then it is a
good idea to have evidence in the form of authentication.

        Wietse
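
The rule stated in the message above (munge only when both sender and final recipient are remote, and want authentication evidence when the sender is not remote), as an added example that is not part of the original post and not Postfix code. `LOCAL_DOMAINS`, `FORWARDER_DOMAIN`, `SRS_SECRET`, the function names and the simplified SRS0-style hash and timestamp encoding are assumptions for illustration.

```python
import hashlib
import hmac

# Assumptions for this sketch; none of these values come from the thread.
LOCAL_DOMAINS = {"example.org"}       # defines what "remote" means here
FORWARDER_DOMAIN = "example.org"      # domain used in rewritten senders
SRS_SECRET = b"constructed-demo-key"  # constructed secret, not a real key


def domain_of(addr):
    return addr.rsplit("@", 1)[1].lower()


def is_remote(addr):
    return domain_of(addr) not in LOCAL_DOMAINS


def srs_rewrite(sender, timestamp="TT"):
    """Simplified SRS0-style form: SRS0=hash=timestamp=domain=local@forwarder.

    The timestamp is a constructed placeholder and the hash is a truncated
    HMAC; this is not wire-compatible with any particular SRS implementation.
    """
    local, dom = sender.rsplit("@", 1)
    msg = f"{timestamp}{dom}{local}".lower().encode()
    tag = hmac.new(SRS_SECRET, msg, hashlib.sha1).hexdigest()[:4]
    return f"SRS0={tag}={timestamp}={dom}={local}@{FORWARDER_DOMAIN}"


def envelope_sender(sender, final_recipient, client_authenticated):
    """Return (sender_to_use, warning) for one final recipient.

    client_authenticated means "authorized by any mechanism", not SASL only,
    so submission via other authentication methods is handled the same way.
    """
    if not sender:  # null sender (bounce): there is no address to rewrite
        return sender, None
    if is_remote(sender):
        if is_remote(final_recipient):
            return srs_rewrite(sender), None  # remote -> remote: munge
        return sender, None                   # remote -> local: leave as is
    # Sender claims a local domain: look for evidence of authentication.
    if not client_authenticated:
        return sender, "local sender without authentication evidence"
    return sender, None
```

The decision is made per final recipient, after any alias or forward expansion, because the same message can have both local and remote destinations.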
