Add non-mtp source info to ${authres }

4 files changed, 23 insertions, 4 deletions

diff --git a/src/src/expand.c b/src/src/expand.c
index a1ac7d198..f878e7b7f 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -1662,6 +1662,21 @@ return yield;
 
 
 
+/* Append a "local" element to an Autherntication-Results: header
+if this was a non-smtp message.
+*/
+
+static gstring *
+authres_local(gstring * g, const uschar * sysname)
+{
+if (!authentication_local)
+  return g;
+g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
+if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
+return g;
+}
+
+
 /* Append an "iprev" element to an Autherntication-Results: header
 if we have attempted to get the calling host's name.
 */
@@ -4141,6 +4156,7 @@ while (*s != 0)
 			US"Authentication-Results: ", sub_arg[0], US"; none");
       yield->ptr -= 6;
 
+      yield = authres_local(yield, sub_arg[0]);
       yield = authres_iprev(yield);
       yield = authres_smtpauth(yield);
 #ifdef SUPPORT_SPF
diff --git a/src/src/globals.c b/src/src/globals.c
index aed695066..7d18b38b5 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -434,6 +434,7 @@ uschar *authenticated_fail_id  = NULL;
 uschar *authenticated_id       = NULL;
 uschar *authenticated_sender   = NULL;
 BOOL    authentication_failed  = FALSE;
+BOOL    authentication_local   = FALSE;
 auth_instance  *auths          = NULL;
 uschar *auth_advertise_hosts   = US"*";
 auth_instance auth_defaults    = {
diff --git a/src/src/globals.h b/src/src/globals.h
index 66d6c26be..da1230b7f 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -228,6 +228,7 @@ extern uschar *authenticated_fail_id;  /* ID that failed authentication */
 extern uschar *authenticated_id;       /* ID that was authenticated */
 extern uschar *authenticated_sender;   /* From AUTH on MAIL */
 extern BOOL    authentication_failed;  /* TRUE if AUTH was tried and failed */
+extern BOOL    authentication_local;   /* TRUE if non-smtp (implicit authentication) */
 extern uschar *auth_advertise_hosts;   /* Only advertise to these */
 extern auth_info auths_available[];    /* Vector of available auth mechanisms */
 extern auth_instance *auths;           /* Chain of instantiated auths */
diff --git a/src/src/receive.c b/src/src/receive.c
index 6a534dc87..4cc43eb3a 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3572,15 +3572,16 @@ else
       goto TIDYUP;
 #endif /* WITH_CONTENT_SCAN */
 
-    if (acl_not_smtp != NULL)
+    if (acl_not_smtp)
       {
       uschar *user_msg, *log_msg;
+      authentication_local = TRUE;
       rc = acl_check(ACL_WHERE_NOTSMTP, NULL, acl_not_smtp, &user_msg, &log_msg);
       if (rc == DISCARD)
         {
         recipients_count = 0;
         blackholed_by = US"non-SMTP ACL";
-        if (log_msg != NULL)
+        if (log_msg)
           blackhole_log_msg = string_sprintf(": %s", log_msg);
         }
       else if (rc != OK)
@@ -3595,11 +3596,11 @@ else
         /* The ACL can specify where rejections are to be logged, possibly
         nowhere. The default is main and reject logs. */
 
-        if (log_reject_target != 0)
+        if (log_reject_target)
           log_write(0, log_reject_target, "F=<%s> rejected by non-SMTP ACL: %s",
             sender_address, log_msg);
 
-        if (user_msg == NULL) user_msg = US"local configuration problem";
+        if (!user_msg) user_msg = US"local configuration problem";
         if (smtp_batched_input)
           {
           moan_smtp_batch(NULL, "%d %s", 550, user_msg);