Explicitsaslexternal, implicitsaslexternal Channel Options

Automatic use of AUTH EXTERNAL at MAIL FROM
The SUBMIT/SMTP authentication model when authentication credentials are provided by an SSL/TLS client certification is for the SUBMIT/SMTP client to issue an AUTH EXTERNAL command after the connection is secured with SSL/TLS. Unfortunately, several popular clients do not issue an AUTH EXTERNAL command and instead rely on the binding being done automatically.

The  source channel option causes the SMTP/SUBMIT server to perform an implicit AUTH EXTERNAL SASL operation when a MAIL FROM command is received and the following conditions have been met:



 The  channel option at a minimum (or  ) is in effect and no authentication operations have been performed. 

 An SSL/TLS layer has been successfully negotiated. 

 The client provided a valid certificate as part of the SSL/TLS exchange. 



The  source  channel option disables this behavior. It is the default.

See also:
 * mustsaslserver Option
 * TLS and SASL channel options
 * Channel options