Patrick Ben Koetter:
> SMTPD_POLICY_README says:
>
> The "sasl_*" attributes (Postfix 2.2 and later) specify information about
> how the client was authenticated via SASL. These attributes are empty in
> case of no SASL authentication.
>
> I read that as:
>
> - I will know when SASL AUTH was successful
> - I will know when SASL AUTH did not take place

The policy protocol can, by definition, only provide the current state
of the SMTP server. It does not, for example, provide a list of
recipients that the client issued previously. Only the current
recipient is available, and only if that recipient was not already
rejected before the policy protocol was invoked.

As for information other than current state, the protocol can at
most provide counters that summarize history but not the details
of that history. For example, it could report numbers of accepted or
rejected recipients (for this session? for this mail transaction?)
but not the details of those recipients.

> Would it be technically feasible to transmit the following states too?
>
> - SASL login wasn't successful (e.g. SASL "Generic SASL failure")
> - SASL login failed (SASL: "Authentication failed")
> - SASL login attempted to use a non-permitted envelope-sender

This is information other than current state, about conditions that
can happen multiple times during the same SMTP session. Therefore,
the protocol can at most provide counters that summarize that
history, but not the details of that history (what names were tried).

	Wietse
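
An added example, not part of the original thread and not Postfix code: a small policy-service handler showing what a policy daemon can and cannot derive from the `sasl_*` attributes of a single request. The `ALLOWED_SENDERS` table, the helper names and the sample requests are constructed for illustration; the sender-ownership check is an assumption about what such a service might enforce.

```python
# Added example. ALLOWED_SENDERS is a hypothetical login -> sender table.
ALLOWED_SENDERS = {"alice": {"alice@example.com"}}

# Constructed sample requests in the policy delegation wire format:
# name=value lines, terminated by an empty line.
REQ_AUTH = (
    "request=smtpd_access_policy\nprotocol_state=RCPT\n"
    "sender=alice@example.com\nrecipient=bob@example.org\n"
    "sasl_method=PLAIN\nsasl_username=alice\nsasl_sender=\n\n"
)
REQ_SPOOF = REQ_AUTH.replace("sender=alice@example.com", "sender=ceo@example.com")
REQ_NOAUTH = (REQ_AUTH.replace("sasl_method=PLAIN", "sasl_method=")
                      .replace("sasl_username=alice", "sasl_username="))

def parse_request(raw):
    """Parse one request into a dict; stop at the terminating empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break
        name, sep, value = line.partition("=")
        if not sep or not name:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value  # value may itself contain '='
    return attrs

def sasl_state(attrs):
    """Only two states are visible in the current request. A failed AUTH
    earlier in the session and no AUTH at all both yield empty sasl_*."""
    return "authenticated" if attrs.get("sasl_username") else "not-authenticated"

def decide(raw):
    """Return the policy reply: action=... followed by an empty line."""
    attrs = parse_request(raw)
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    if sasl_state(attrs) == "not-authenticated":
        return "action=DUNNO\n\n"  # leave it to later restrictions
    owned = ALLOWED_SENDERS.get(attrs["sasl_username"], set())
    if attrs.get("sender", "").lower() not in owned:
        return "action=REJECT sender address not owned by SASL login\n\n"
    return "action=DUNNO\n\n"

if __name__ == "__main__":
    for label, req in (("auth", REQ_AUTH), ("spoof", REQ_SPOOF), ("noauth", REQ_NOAUTH)):
        print(label, "->", decide(req).strip())
```
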