7 files changed, 31 insertions, 6 deletions

diff --git a/src/src/deliver.c b/src/src/deliver.c
index c01e4e61b..af39448c5 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -778,7 +778,11 @@ else
     {
     s = string_append(s, &size, &ptr, 2, US" A=", client_authenticator);
     if (client_authenticated_id)
+      {
       s = string_append(s, &size, &ptr, 2, US":", client_authenticated_id);
+      if (log_extra_selector & LX_smtp_mailauth  &&  client_authenticated_sender)
+        s = string_append(s, &size, &ptr, 2, US":", client_authenticated_sender);
+      }
     }
 
   if ((log_extra_selector & LX_smtp_confirmation) != 0 &&
@@ -2930,6 +2934,9 @@ while (!done)
     case '2':
       client_authenticated_id = (*ptr)? string_copy(ptr) : NULL;
       break;
+    case '3':
+      client_authenticated_sender = (*ptr)? string_copy(ptr) : NULL;
+      break;
     }
     while (*ptr++);
     break;
@@ -4016,6 +4023,13 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
         while(*ptr++);
         (void)write(fd, big_buffer, ptr - big_buffer);
 	}
+      if (client_authenticated_sender)
+        {
+        ptr = big_buffer;
+	sprintf(CS big_buffer, "C3%.64s", client_authenticated_sender);
+        while(*ptr++);
+        (void)write(fd, big_buffer, ptr - big_buffer);
+	}
 
       /* Retry information: for most success cases this will be null. */
 
diff --git a/src/src/expand.c b/src/src/expand.c
index a3d56eae6..786d4279c 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -426,8 +426,6 @@ static var_entry var_table[] = {
   { "bounce_return_size_limit", vtype_int,    &bounce_return_size_limit },
   { "caller_gid",          vtype_gid,         &real_gid },
   { "caller_uid",          vtype_uid,         &real_uid },
-  { "client_authenticator", vtype_stringptr,  &client_authenticator },
-  { "client_authenticated_id", vtype_stringptr, &client_authenticated_id },
   { "compile_date",        vtype_stringptr,   &version_date },
   { "compile_number",      vtype_stringptr,   &version_cnumber },
   { "csa_status",          vtype_stringptr,   &csa_status },
diff --git a/src/src/globals.c b/src/src/globals.c
index 8df1119fb..9645504f5 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -368,6 +368,7 @@ auth_instance auth_defaults    = {
     NULL,                      /* client_condition */
     NULL,                      /* public_name */
     NULL,                      /* set_id */
+    NULL,                      /* set_client_id */
     NULL,                      /* server_mail_auth_condition */
     NULL,                      /* server_debug_string */
     NULL,                      /* server_condition */
@@ -430,6 +431,7 @@ int     check_spool_inodes     = 0;
 int     check_spool_space      = 0;
 uschar	*client_authenticator  = NULL;
 uschar	*client_authenticated_id = NULL;
+uschar	*client_authenticated_sender = NULL;
 int     clmacro_count          = 0;
 uschar *clmacros[MAX_CLMACROS];
 BOOL    config_changed         = FALSE;
@@ -776,6 +778,7 @@ bit_table log_options[]        = {
   { US"smtp_confirmation",            LX_smtp_confirmation },
   { US"smtp_connection",              L_smtp_connection },
   { US"smtp_incomplete_transaction",  L_smtp_incomplete_transaction },
+  { US"smtp_mailauth",                LX_smtp_mailauth },
   { US"smtp_no_mail",                 LX_smtp_no_mail },
   { US"smtp_protocol_error",          L_smtp_protocol_error },
   { US"smtp_syntax_error",            L_smtp_syntax_error },
diff --git a/src/src/globals.h b/src/src/globals.h
index b3025db5a..325a9161d 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -238,8 +238,9 @@ extern int     check_log_space;        /* Minimum for message acceptance */
 extern BOOL    check_rfc2047_length;   /* Check RFC 2047 encoded string length */
 extern int     check_spool_inodes;     /* Minimum for message acceptance */
 extern int     check_spool_space;      /* Minimum for message acceptance */
-extern uschar *client_authenticator;   /* Authenticator name used for smtp delivery */
-extern uschar *client_authenticated_id; /* (not yet used) */
+extern uschar *client_authenticator;        /* Authenticator name used for smtp delivery */
+extern uschar *client_authenticated_id;     /* "login" name used for SMTP AUTH */
+extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */
 extern int     clmacro_count;          /* Number of command line macros */
 extern uschar *clmacros[];             /* Copy of them, for re-exec */
 extern int     connection_max_messages;/* Max down one SMTP connection */
diff --git a/src/src/macros.h b/src/src/macros.h
index c9d990ada..f19d6fdbf 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -410,6 +410,7 @@ set all the bits in a multi-word selector. */
 #define LX_tls_sni                     0x80800000
 #define LX_unknown_in_list             0x81000000
 #define LX_8bitmime                    0x82000000
+#define LX_smtp_mailauth               0x84000000
 
 #define L_default     (L_connection_reject        | \
                        L_delay_delivery           | \
diff --git a/src/src/receive.c b/src/src/receive.c
index d8b2b79a2..2d594e46e 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3602,7 +3602,11 @@ if (sender_host_authenticated != NULL)
   {
   s = string_append(s, &size, &sptr, 2, US" A=", sender_host_authenticated);
   if (authenticated_id != NULL)
+    {
     s = string_append(s, &size, &sptr, 2, US":", authenticated_id);
+    if (log_extra_selector & LX_smtp_mailauth  &&  authenticated_sender != NULL)
+      s = string_append(s, &size, &sptr, 2, US":", authenticated_sender);
+    }
   }
 
 sprintf(CS big_buffer, "%d", msg_size);
@@ -3612,10 +3616,11 @@ s = string_append(s, &size, &sptr, 2, US" S=", big_buffer);
    0 ... no BODY= used
    7 ... 7BIT
    8 ... 8BITMIME */
-if (log_extra_selector & LX_8bitmime) {
+if (log_extra_selector & LX_8bitmime)
+  {
   sprintf(CS big_buffer, "%d", body_8bitmime);
   s = string_append(s, &size, &sptr, 2, US" M8S=", big_buffer);
-}
+  }
 
 /* If an addr-spec in a message-id contains a quoted string, it can contain
 any characters except " \ and CR and so in particular it can contain NL!
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 0ab173232..b4ef7cf4d 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1499,7 +1499,10 @@ if ((smtp_authenticated || ob->authenticated_sender_force) &&
   string_format(p, sizeof(buffer) - (p-buffer), " AUTH=%s",
     auth_xtextencode(local_authenticated_sender,
     Ustrlen(local_authenticated_sender)));
+  client_authenticated_sender = string_copy(local_authenticated_sender);
   }
+else
+  client_authenticated_sender = NULL;
 
 /* From here until we send the DATA command, we can make use of PIPELINING
 if the server host supports it. The code has to be able to check the responses