Dear group, I have a system A forwarding a mail flow - that it receives being the MX for some domains - to a system B using SASL and TLS on port 587. Both systems are running Postfix 2.9.6 (coming packaged with Debian Wheezy). Postscreen is not used. Everything works flawlessly.
Now, I would like to add the XCLIENT facility to do some antispam testing on B, using the original IPs that connected to A. So I put A's IP address in smtpd_authorized_xclient_hosts in the B's config, and verified that B advertises XCLIENT to A: 250-B.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN when connecting to B. At this point TLS starts and XCLIENT is advertised again in the secure connection: 250-B.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH DIGEST-MD5 250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN Then SASL (cyrus, DIGEST-MD5) does its job: 235 2.7.0 Authentication successful But at this point I get a normal mail transmission without the XCLIENT protocol. System A is not sending any XCLIENT line and proceeds directly with MAIL FROM, resulting in an ordinary mail forwarding. Am I doing something wrong ? From what I understand from the XCLIENT_README document, no configuration setting is required on the client system. Should I move to a more recent release ? Or should I give up using SASL and/or TLS if I want to use XCLIENT ? Thanks, furio ercolessi
