Patrick Ben Koetter:
> SMTPD_POLICY_README says:
> 
>   The "sasl_*" attributes (Postfix 2.2 and later) specify information about
>   how the client was authenticated via SASL. These attributes are empty in
>   case of no SASL authentication.
> 
> I read that as:
> 
> - I will know when SASL AUTH was successful
> - I will know when SASL AUTH did not take place

The policy protocol can, by definition, only provide the current
state of the SMTP server. It does not, for example, provide a list
of recipients that the client issued previously. Only the current
recipient is available, and only if that recipient was not already
rejected before the policy protocol was invoked.

As for information other than current state, the protocol can at
most provide counters that summarize history but not the details
of that history. For example it could report numbers of accepted
or rejected recipients (for this session? for this mail transaction?)
but not the details of those recipients.

> Would it be technically feasible to transmit the following states too?
> 
> - SASL login wasn't successful (e.g. SASL "Generic SASL failure")
> - SASL login failed (SASL: "Authentication failed")
> - SASL login attempted to use a non-permitted envelope-sender

This is information other than current state, about conditions that
can happen multiple times during the same SMTP session. Therefore,
the protocol can at most provide counters that summarize that
history, but not the details of that history (what names were tried).

        Wietse
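
The current-state view discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a minimal parser for one policy delegation request that reads the `sasl_*` attributes. The sample requests are constructed, and the `decide` policy is a hypothetical one for a submission-only service.

```python
# Added example: what one Postfix policy request reveals about SASL.
# The two requests below are constructed sample data, not captured traffic.

AUTHED = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=alice@example.com\n"
          "recipient=bob@example.net\nsasl_method=PLAIN\n"
          "sasl_username=alice\nsasl_sender=\n\n")
ANON = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
        "client_address=192.0.2.99\nsender=alice@example.com\n"
        "recipient=bob@example.net\nsasl_method=\n"
        "sasl_username=\nsasl_sender=\n\n")

def parse_policy_request(text):
    """Parse 'name=value' lines up to the empty line that ends a request."""
    attrs = {}
    for line in text.splitlines():
        if line == "":
            break  # an empty line terminates the request
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed attribute line: {line!r}")
        attrs[name] = value  # the value may itself contain '='
    return attrs

def sasl_state(attrs):
    """Classify the SASL state from the current-state attributes only."""
    if attrs.get("sasl_method", "") and attrs.get("sasl_username", ""):
        return "authenticated"
    # Empty sasl_* attributes mean no SASL authentication is in effect.
    # A failed login earlier in the session is indistinguishable from
    # no attempt at all: the request carries state, not history.
    return "not-authenticated"

def decide(attrs):
    """Hypothetical policy: let authenticated clients pass, reject others."""
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    if sasl_state(attrs) == "authenticated":
        return "action=DUNNO\n\n"
    return "action=REJECT Authentication required\n\n"

if __name__ == "__main__":
    for raw in (AUTHED, ANON):
        a = parse_policy_request(raw)
        print(a["client_address"], sasl_state(a), decide(a).strip())
```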
