SASL and Rule Sets

The SMTP AUTH extension, enabled by SASL, allows client machines to relay mail through the authentication-checking server. This mechanism is especially useful for roaming users whose laptops seldom have a constant IP number or hostname assigned. A special rule set called trust_auth, found inside the sendmail configuration file, does the actual checking. This rule set decides whether the client’s authentication identifier (authid) is trusted to act as (proxy for) the requested authorization identity (userid). It allows authid to act for userid if both are recognized, and disallows that action if the authentication fails.

Another rule set, called Local_trust_auth, is available if you wish to supplement the basic test provided by trust_auth. The Local_trust_auth rule set can return the #error delivery agent to disallow proxying, or it can return OK to allow proxying.

Within the Local_trust_auth rule set you can use three new sendmail macros (in addition to the other normal sendmail macros). They are:

{auth_authen}

The client’s authentication credentials as determined by the authentication process (see ${auth_authen} on page 804).

{auth_author}

The authorization identity as set by issuance of the SMTP AUTH= parameter (see ${auth_author} on page 805). This could be either a username or a user@host.domain address.

{auth_type}

The mechanism used for authentication (see ${auth_type} on page 806), such as CRAM-MD5 and PLAIN.
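As an added illustration (not from the book or the sendmail distribution), a Local_trust_auth rule set in the mc file could refuse proxying whenever the session authenticated with a plaintext mechanism, and otherwise leave the decision to trust_auth. The policy, the choice of PLAIN and LOGIN, and the error text are assumptions; the left and right sides of each rule are separated by tabs.

```m4
LOCAL_RULESETS
SLocal_trust_auth
# Replace the incoming workspace with the mechanism and the
# authenticated identity so the rules below can match on both.
R$*		$: $&{auth_type} $| $&{auth_authen}
# Refuse proxying after a plaintext mechanism by returning the
# error delivery agent, which disallows the requested AUTH= identity.
RPLAIN $| $*	$#error $@ 5.7.1 $: "550 " $&{auth_authen} " may not proxy for " $&{auth_author} " after PLAIN"
RLOGIN $| $*	$#error $@ 5.7.1 $: "550 " $&{auth_authen} " may not proxy for " $&{auth_author} " after LOGIN"
# Any other mechanism falls through without a verdict from this rule set.
```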

These three macros can also be used in any of the ...
