SMTPD_POLICY_README says: The "sasl_*" attributes (Postfix 2.2 and later) specify information about how the client was authenticated via SASL. These attributes are empty in case of no SASL authentication.
I read that as: - I will know when SASL AUTH was successful - I will know when SASL AUTH did not take place Would it be technically feasible to transmit the following states too? - SASL login wasn't successful (e.g. SASL "Generic SASL failure") - SASL login failed (SASL: "Authentication failed") - SASL login attempted to use a non-permitted envelope-sender p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein