Saslswitchchannel, nosaslswitchchannel Channel Options

Channel switching based on SMTP authentication
The  channel option is used to cause incoming connections to be switched to a specified channel upon a client&#x27;s successful SASL use. (See the  and   channel options for configuration of permitting/requiring SMTP AUTH and SASL use.)   takes a required value, specifying the channel to which to switch. is the default, and means that channel switching is not performed upon a client&#x27;s successful SASL use.

See also the  user LDAP attribute, (or as of the 8.0 release, whatever LDAP attribute is named by the    MTA option) which when set on a user entry will cause channel "switching" to the specified channel; it thus permits "finer-grained" channel switching than   which merely switches all authenticated submissions to a particular named channel.

See also the (new in MS 6.3)   channel option which, in conjunction with site-selected user or domain LDAP attributes, also allows "fine-grained" channel switching, in this case based merely on the purported From: address.

The  channel option is typically used when it is desired to distinguish between authenticated vs. unauthenticated submissions as a class; the   user LDAP attribute (or as of the 8.0 release, whatever LDAP attribute is named by the    MTA option)  is typically used when it is desired to securely distinguish submissions from particular users (say to allow "special privileges" to particular users); the (new in MS 63)   channel option and associated LDAP attribute(s) are typically used when it is desired to make esthetic distinctions (rather than more critical "secure" distinctions) on users&#x27; submissions without requiring authenticated verification of the sender address.

See also Blocking SMTP relaying for an example of typical use of.

Note that any channel switching done by  will be undone if/when a client issues a (nonstandard, new in 8.0) XUNAUTHENTICATE command. (SMTP server support for the nonstandard XUNAUTHENTICATE extension and associated XUNAUTHENTICATE command is new in 8.0; note that  XUNAUTHENTICATE is not supported for the LMTP server.  XUNAUTHENTICATE is only valid after successful authentication has been performed, and the capability only shows up in  the EHLO response at this point at well.  Successful execution of the XUNAUTHENTICATE command will return the SMTP session to an unauthenticated state.)

See also:
 * maysasl Option
 * tlsswitchchannel Option
 * switchchannel Option
 * userswitchchannel Option
 * Blocking SMTP relaying
 * TLS and SASL channel options
 * ldap_auth_attr_submit_channel MTA Option
 * Incoming channel match and switch channel options
 * Channel options