P�Po�os�st�tf�fi�ix�x X�XC�CL�LI�IE�EN�NT�T H�Ho�ow�wt�to�o
-------------------------------------------------------------------------------
P�Pu�ur�rp�po�os�se�e o�of�f t�th�he�e X�XC�CL�LI�IE�EN�NT�T e�ex�xt�te�en�ns�si�io�on�n t�to�o S�SM�MT�TP�P
The XCLIENT command targets the following problems:
1. Access control tests. SMTP server access rules are difficult to verify when
decisions can be triggered only by remote clients. In order to facilitate
access rule testing, an authorized SMTP client test program needs the
ability to override the SMTP server's idea of the SMTP client hostname,
network address, and other client information, for the entire duration of
an SMTP session.
2. Client software that downloads mail from an up-stream mail server and
injects it into a local MTA via SMTP. In order to take advantage of the
local MTA's SMTP server access rules, the client software needs the ability
to override the SMTP server's idea of the remote client name, client
address and other information. Such information can typically be extracted
from the up-stream mail server's Received: message header.
3. Post-filter access control and logging. With Internet->filter->MTA style
content filter applications, the filter can be simplified if it can
delegate decisions concerning mail relay and other access control to the
MTA. This is especially useful when the filter acts as a transparent proxy
for SMTP commands. This requires that the filter can override the MTA's
idea of the SMTP client hostname, network address, and other information.
X�XC�CL�LI�IE�EN�NT�T C�Co�om�mm�ma�an�nd�d s�sy�yn�nt�ta�ax�x
Examples of client-server conversations are given at the end of this document.
In SMTP server EHLO replies, the keyword associated with this extension is
XCLIENT. It is followed by the names of the attributes that the XCLIENT
implementation supports.
The XCLIENT command may be sent at any time except in the middle of a mail
delivery transaction (i.e. between MAIL and DOT). The XCLIENT command may be
pipelined when the server supports ESMTP command pipelining.
The syntax of XCLIENT requests is described below. Upper case and quoted
strings specify terminals, lowercase strings specify meta terminals, and SP is
whitespace. Although command and attribute names are shown in upper case, they
are in fact case insensitive.
xclient-command = XCLIENT 1*( SP attribute-name"="attribute-value )
attribute-name = ( NAME | ADDR | PROTO | HELO )
* The NAME attribute specifies an SMTP client hostname (not an SMTP client
address), [UNAVAILABLE] when client hostname lookup failed due to a
permanent error, or [TEMPUNAVAIL] when the lookup error condition was
transient.
* The ADDR attribute specifies an SMTP client numerical IPv4 network address,
an IPv6 address prefixed with IPV6:, or [UNAVAILABLE] when the address
information is unavailable. Address information is not enclosed with [].
* The PROTO attribute specifies either SMTP or ESMTP.
* The HELO attribute specifies an SMTP HELO parameter value, or the value
[UNAVAILABLE] when the information is unavailable.
Note 1: syntactically valid NAME and HELO attributes can be up to 255
characters long. The client must not send XCLIENT commands that exceed the 512
character limit for SMTP commands. To avoid exceeding the limit the client
should send the information in multiple XCLIENT commands.
Note 2: [UNAVAILABLE], [TEMPUNAVAIL] and IPV6: may be specified in upper case,
lower case or mixed case.
The XCLIENT server reply codes are as follows:
_� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _�
|C�Co�od�de�e|M�Me�ea�an�ni�in�ng�g |
|_� _� _� _� _�|_� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� |
|250 |success |
|_� _� _� _� _�|_� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� |
|501 |bad command parameter syntax |
|_� _� _� _� _�|_� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� |
|503 |mail transaction in progress |
|_� _� _� _� _�|_� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� |
|421 |unable to proceed, disconnecting|
|_� _� _� _� _�|_� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� _� |
X�XC�CL�LI�IE�EN�NT�T E�Ex�xa�am�mp�pl�le�es�s
In the first example, the client impersonates a mail originating system by
passing all SMTP session information via XCLIENT commands. Information sent by
the client is shown in bold font.
220 server.example.com ESMTP Postfix
E�EH�HL�LO�O c�cl�li�ie�en�nt�t.�.e�ex�xa�am�mp�pl�le�e.�.c�co�om�m
250-server.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-XCLIENT NAME ADDR PROTO HELO
250 8BITMIME
X�XC�CL�LI�IE�EN�NT�T N�NA�AM�ME�E=�=s�sp�pi�ik�ke�e.�.p�po�or�rc�cu�up�pi�in�ne�e.�.o�or�rg�g A�AD�DD�DR�R=�=1�16�68�8.�.1�10�00�0.�.1�18�89�9.�.2�2 P�PR�RO�OT�TO�O=�=E�ES�SM�MT�TP�P
250 Ok
X�XC�CL�LI�IE�EN�NT�T H�HE�EL�LO�O=�=s�sp�pi�ik�ke�e.�.p�po�or�rc�cu�up�pi�in�ne�e.�.o�or�rg�g
250 Ok
M�MA�AI�IL�L F�FR�RO�OM�M:�:<�<w�wi�ie�et�ts�se�e@�@p�po�or�rc�cu�up�pi�in�ne�e.�.o�or�rg�g>�>
250 Ok
R�RC�CP�PT�T T�TO�O:�:<�<u�us�se�er�r@�@e�ex�xa�am�mp�pl�le�e.�.c�co�om�m>�>
250 Ok
D�DA�AT�TA�A
354 End data with <CR><LF>.<CR><LF>
.�. .�. .�.m�me�es�ss�sa�ag�ge�e c�co�on�nt�te�en�nt�t.�. .�. .�.
.�.
250 Ok: queued as 763402AAE6
Q�QU�UI�IT�T
221 Bye
In the second example, the client impersonates a mail originating system by
sending the XCLIENT command before the EHLO or HELO command. This increases the
realism of impersonation, but requires that the client knows ahead of time what
XCLIENT options the server supports.
220 server.example.com ESMTP Postfix
X�XC�CL�LI�IE�EN�NT�T N�NA�AM�ME�E=�=s�sp�pi�ik�ke�e.�.p�po�or�rc�cu�up�pi�in�ne�e.�.o�or�rg�g A�AD�DD�DR�R=�=1�16�68�8.�.1�10�00�0.�.1�18�89�9.�.2�2
250 Ok
H�HE�EL�LO�O s�sp�pi�ik�ke�e.�.p�po�or�rc�cu�up�pi�in�ne�e.�.o�or�rg�g
250 server.example.com
M�MA�AI�IL�L F�FR�RO�OM�M:�:<�<w�wi�ie�et�ts�se�e@�@p�po�or�rc�cu�up�pi�in�ne�e.�.o�or�rg�g>�>
250 Ok
R�RC�CP�PT�T T�TO�O:�:<�<u�us�se�er�r@�@e�ex�xa�am�mp�pl�le�e.�.c�co�om�m>�>
250 Ok
D�DA�AT�TA�A
354 End data with <CR><LF>.<CR><LF>
.�. .�. .�.m�me�es�ss�sa�ag�ge�e c�co�on�nt�te�en�nt�t.�. .�. .�.
.�.
250 Ok: queued as CF1E52AAE7
Q�QU�UI�IT�T
221 Bye
S�Se�ec�cu�ur�ri�it�ty�y
The XCLIENT command changes audit trails and/or SMTP client access permissions.
Use of this command must be restricted to authorized SMTP clients. However, the
XCLIENT command should not override its own access control mechanism.
S�SM�MT�TP�P c�co�on�nn�ne�ec�ct�ti�io�on�n c�ca�ac�ch�hi�in�ng�g
XCLIENT attributes persist until the end of an SMTP session. If one session is
used to deliver mail on behalf of different SMTP clients, the XCLIENT
attributes need to be reset as appropriate before each MAIL FROM command.