Hello all,

I apologize if these questions have been answered elsewhere; I have
been searching all over for answers without success.

According to what I've read in the README file, the trust_auth rule
set is used to determine whether or not the AUTH= SMTP parameter gets
passed on to next server. Is this coorect? If so, what is the value
of this? Are there really email clients out there that are able to
send an AUTH= parameter that is not the same as the authentication
credential?

Moreover, is it correct that this rule set has nothing to do with
relaying, and that I should be using Relay_Auth/Local_Relay_Auth for
this purpose? If so, are the $&{auth_*} macros available in those
rule sets? I ask because everything that I have read seems to only
mention those macros in connection with trust_auth.

Thank you very much in advance.

JTG

On May 24, 12:52 am, "John T. Guthrie" <mathguth...@gmail.com> wrote:
> According to what I've read in the README file, the trust_auth rule
> set is used to determine whether or not the AUTH= SMTP parameter gets
> passed on to next server. Is this coorect? If so, what is the value
> of this? Are there really email clients out there that are able to
> send an AUTH= parameter that is not the same as the authentication
> credential?

I apologize for the self-reply. I just remembered one other question
that I had. If the trust_auth rule set is used only for determining
whether or not to pass on the AUTH= parameter to other servers, why
does it generate messages of the following form in the mail log

ruleset=trust_auth, arg1=lkjasdjflasjdfklajdsflka, relay=my.relay.host
[192.168.2.27], reject=550 5.7.1 <guthrie@some.address>... guthrie not
allowed to act as lkjasdjflasjdfklajdsflka

when the following SMTP conversation takes place:

mail from: <guthrie@some.address> AUTH=lkjasdjflasjdfklajdsflka
250 2.1.0 <guthrie@some.address>... Sender ok

The server saying that the sender address is okay, but then logging a
rejection is kind of confusing. I can make this occur both with and
without authentication.

Thanks again.

JTG

In article <1179984160.735868.163680@u30g2000hsc.googlegroups .com> "John
T. Guthrie" <mathguthrie@gmail.com> writes:
>On May 24, 12:52 am, "John T. Guthrie" <mathguth...@gmail.com> wrote:
>> According to what I've read in the README file, the trust_auth rule
>> set is used to determine whether or not the AUTH= SMTP parameter gets
>> passed on to next server. Is this coorect?

Yes.

>> If so, what is the value
>> of this? Are there really email clients out there that are able to
>> send an AUTH= parameter that is not the same as the authentication
>> credential?

Well, you're demonstrating one down below.:-) Obviously, someone that
thinks it would be useful to forge the AUTH= parameter won't be limited
by what off-the-shelf MUAs are able to do.

>I apologize for the self-reply. I just remembered one other question
>that I had. If the trust_auth rule set is used only for determining
>whether or not to pass on the AUTH= parameter to other servers, why
>does it generate messages of the following form in the mail log
>
>ruleset=trust_auth, arg1=lkjasdjflasjdfklajdsflka, relay=my.relay.host
>[192.168.2.27], reject=550 5.7.1 <guthrie@some.address>... guthrie not
>allowed to act as lkjasdjflasjdfklajdsflka
>
>when the following SMTP conversation takes place:
>
>mail from: <guthrie@some.address> AUTH=lkjasdjflasjdfklajdsflka
>250 2.1.0 <guthrie@some.address>... Sender ok

It's basically "economic" - the ruleset call uses the same processing as
all the others that may actually reject a message or a recipient, hence
it produces the same type of log entry.

>The server saying that the sender address is okay, but then logging a
>rejection is kind of confusing.

You just need to learn that when the entry says ruleset=trust_auth, it's
a rejection of the AUTH= parameter and nothing else.

--Per Hedeland
per@hedeland.org