From: Nate (no email)
Date: Tue Feb 10 2009 - 19:22:34 EST
At 03:53 PM 3/18/2008, you wrote:
>Wietse Venema wrote:
> > There is no reason why this can't be implemented, but I want to
> > avoid chaos in Postfix. So I don't want to keep adding more and
> > more ad-hoc parameters to the Postfix-to-SASL library interface.
> > This interface is also used by Cyrus SASL and may be used for other
> > non-Cyrus implementations later. Changes to this API should be
> > carefully designed.
> > I understand. It's have to wait unless it can really be necessary for
> > more users and could be part of 'official' API.
> > I wrote about it as "for not near future" wish. As for 'some day'.
>In the case of the Postfix TLS library we ran into a similar problem,
>when APIs kept growing with more and more function call parameters.
>To maintain some level of elegance I introduced function calls with
> ctx = smtpd_tls_ctx,
> stream = state->client,
> log_level = var_smtpd_tls_loglevel,
> timeout = var_smtpd_starttls_tmout,
> ...more stuff...);
>C does not have named parameter lists, but they can be emulated
>with a little bit of C preprocessor fu. This looks like a usable
>approach for extending the Postfix-to-SASL library interface.
>Another approach is using a call-back function that queries Postfix
>for specific information. This is the approach taken with the
>Postfix Milter client, but it is probably over-kill for SASL.
I'll throw my request in for this feature to be prioritized. We're
using SMTP AUTH in postfix, querying the dovecot auth socket which
works well; however, in our virtual hosted environment it requires
that customers login with their full email address. Great in
practice, but impractical when a hosting account moves over and has
300, or 3000 subscribers all using username only authentication. In
that case, with dovecot currently the query is written to compare
full email (if exists to the database) and if not, it compares the
local_ip value of the connection to the database to do a domain match
so the full domain is not required and then concatenates the domain
which was just looked up by local_ip to the username for a full match.
As the dovecot auth socket does not receive the local_ip information
from postfix currently, this is not an option. It would help us out
a lot if this feature were in there.
I noticed somebody wrote a patch for postfix-2.3.8. I'm not a C
programmer myself, so I'm not sure of it's quality or if this code
could be used or committed to the postfix source tree. Found at