Authrewrite Channel Option

From Messaging Server Technical Reference Wiki


Authenticated originator information processing (authrewrite)

The authrewrite option may be used on a source channel to have the MTA propagate authenticated originator information, if available, into the headers. Normally the SMTP AUTH information is used, though this may be overridden via the FROM_ACCESS mapping. Specifically, the SMTP AUTH information is the user's canonical e-mail address: the value of the mail attribute or, new in MS 8.0, the value of whatever attribute is named by the ldap_auth_attr_sender MTA option, found when looking up the user for authentication. authrewrite takes a required bit-encoded integer value as an argument, according to the following table:

authrewrite option values

Bit  Value  Usage
0-3  1  Add a Sender: header line, or a Resent-sender: header line if a Resent-from: or Resent-sender: was already present, containing the AUTH originator
0-3  2  Add a Sender: header line containing the AUTH originator
0-3  3  Use the AUTH_REWRITE mapping table, probing with any Resent-Sender: and Resent-From: info if present, and otherwise probing with Sender: and From: info
0-3  4  Use the AUTH_REWRITE mapping table, probing with Sender: and From: info
0-3  5  Add a From: header line, or a Resent-From: header line if a Resent-From: or Resent-Sender: was already present, containing the AUTH originator. This is NOT RECOMMENDED and CONTRARY TO INTERNET STANDARDS, and likely to HARM the security of your users. This option should almost NEVER be used: THIS MEANS YOU!
0-3  6  Add a From: header line containing the AUTH originator. This is NOT RECOMMENDED and CONTRARY TO INTERNET STANDARDS, and likely to HARM the security of your users. This option should almost NEVER be used: THIS MEANS YOU!
4  16  (New in 6.2) If set, apply the AUTH_REWRITE mapping table, even if SMTP AUTH has not been used
5  32  (New in 6.2) If set, probes to AUTH_REWRITE include the source-channel as a prefix field, separated by a vertical bar character from the rest of the probe string; that is, when this bit is set then probes take the form:
    src-chan|env-from|[resent-]sender|[resent-]from|auth-originator
6  64  (New in 7.2-7.02.) If set, use the rewritten version of the envelope from address in constructing the AUTH_REWRITE probe.
7  128  (New in 7.2-7.02.) If set, use the canonical version of the envelope from address in constructing the AUTH_REWRITE probe. Bit 6 (value 64) is a no-op if this bit is set.
8  256  (New in 7.3-11.01.) If set, add the value of the AUTH parameter from the SMTP MAIL FROM command to the AUTH_REWRITE probe, appearing just after the authorized originator address; that is, when this bit is set then probes take the form:
    env-from|[resent-]sender|[resent-]from|auth-originator|auth-param
9  512  (New in MS 7.0.5) If set, the final tag set via $T in the *_ACCESS mappings will be prefixed to the AUTH_REWRITE mapping probe; that is, when this bit is set then probes take the form:
    ACCESS-tag|env-from|[resent-]sender|[resent-]from|auth-originator
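As an added example (not part of the wiki or of Messaging Server itself), the following decoder splits an authrewrite value into its bits 0-3 number and its flag bits, flags the settings the table warns about, and shows the resulting AUTH_REWRITE probe layout. The function name, the sample values, the restriction of probes to values 3 and 4, and the composition of the bit 5 prefix with the bit 8 suffix are assumptions; the table gives no field order when bits 5 and 9 are both set, so that case is reported rather than guessed.

```python
# Added example: decode an authrewrite value using only the table on this page.
MODES = {1: "add Sender:/Resent-sender:", 2: "add Sender:",
         3: "AUTH_REWRITE, probe Resent-* info first",
         4: "AUTH_REWRITE, probe Sender:/From:",
         5: "add From:/Resent-From:", 6: "add From:"}
FLAGS = {16: "apply AUTH_REWRITE even without SMTP AUTH",
         32: "prefix probe with source channel",
         64: "probe uses rewritten envelope from",
         128: "probe uses canonical envelope from",
         256: "append MAIL FROM AUTH parameter to probe",
         512: "prefix probe with final $T ACCESS tag"}
KNOWN = 0x0F | sum(FLAGS)  # every bit the table describes (bits 0-9)

def decode_authrewrite(value):
    """Hypothetical helper: return mode, flags, warnings and probe layout."""
    mode = value & 0x0F  # bits 0-3 hold a number (1-6), not independent flags
    flags = [FLAGS[b] for b in sorted(FLAGS) if value & b]
    warnings = []
    if mode not in MODES:
        warnings.append(f"mode {mode} is not listed in the table")
    if mode in (5, 6):
        warnings.append("rewrites From:; the page marks this NOT RECOMMENDED")
    if value & 64 and value & 128:
        warnings.append("bit 6 (64) is a no-op because bit 7 (128) is set")
    if value & ~KNOWN:
        warnings.append("bits above 9 are not described in the table")
    probe = None
    if mode in (3, 4):  # assumption: only the AUTH_REWRITE modes build a probe
        fields = ["env-from", "[resent-]sender", "[resent-]from", "auth-originator"]
        if value & 256:
            fields.append("auth-param")  # placed just after the auth originator
        if value & 32 and value & 512:
            warnings.append("table gives no field order when bits 5 and 9 are both set")
            fields = None
        elif value & 32:
            fields.insert(0, "src-chan")
        elif value & 512:
            fields.insert(0, "ACCESS-tag")
        probe = "|".join(fields) if fields else None
    return {"mode": mode, "flags": flags, "warnings": warnings, "probe": probe}

if __name__ == "__main__":
    for sample in (3, 291, 516, 6, 196, 547):  # constructed sample values
        print(sample, decode_authrewrite(sample))
```

When reviewing a configuration, a non-empty warnings list is the part to act on: values 5 and 6 in particular overwrite the author-controlled From: line instead of recording the authenticated identity alongside it.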


See also: