[Pymilter] milter catching Auth Login failures

[Stuart D Gathman]

On Wed, 24 May 2023, Ed Wong wrote:

> I've been looking at the milter api and I was wondering if I got this
> correct,
> in that when sendmail shows AUTH failure (LOGIN) in the log,  this
> information
> isn't accessible via the milter api, right?

https://pymilter.org/pymilter/milter_api/smfi_getsymval.html

This any other things are communicated via "macros".  In the envfrom
callback you can check AUTH results.  I think that AUTH failure
continues as a random outside sender (i.e. no authentication).  At least
that is how bms.py treats it - it's been a while.

There is an example in bms.py (the big milter that keeps accumulating
features and needs a redesign).

I copy a snippet here:

     # Check SMTP AUTH, also available:
     #   auth_authen  authenticated user
     #   auth_author  (ESMTP AUTH= param)
     #   auth_ssf     (connection security, 0 = unencrypted)
     #   auth_type    (authentication method, CRAM-MD5, DIGEST-MD5,
     #   PLAIN, etc)
     # cipher_bits  SSL encryption strength
     # cert_subject SSL cert subject
     # verify       SSL cert verified

     self.user = self.getsymval('{auth_authen}')
     if self.user:
       # Very simple SMTP AUTH policy by default:
       #   any successful authentication is considered INTERNAL
       # Detailed authorization policy is configured in the access file
       # below.
       self.internal_connection = True
       self.trust_dkim = self.trust_spf = True
       auth_type = self.getsymval('{auth_type}')
       ssl_bits =  self.getsymval('{cipher_bits}')
       self.log(
         "SMTP AUTH:",self.user,"sslbits =",ssl_bits, auth_type,
         "ssf =",self.getsymval('{auth_ssf}'), "INTERNAL"
       )