Postfix XCLIENT Howto
Purpose of the XCLIENT extension to SMTP
The XCLIENT command targets the following problems:
XCLIENT Command syntax
Examples of client-server conversations are given at the end of this document.
In SMTP server EHLO replies, the keyword associated with this extension is XCLIENT. It is followed by the names of the attributes that the XCLIENT implementation supports.
The XCLIENT command may be sent at any time except in the middle of a mail delivery transaction (i.e. between MAIL and DOT). The XCLIENT command may be pipelined when the server supports ESMTP command pipelining.
The syntax of XCLIENT requests is described below. Upper case and quoted strings specify terminals, lowercase strings specify meta terminals, and SP is whitespace. Although command and attribute names are shown in upper case, they are in fact case insensitive.
Note 1: syntactically valid NAME and HELO attributes can be up to 255 characters long. The client must not send XCLIENT commands that exceed the 512 character limit for SMTP commands. To avoid exceeding the limit the client should send the information in multiple XCLIENT commands.
Note 2: [UNAVAILABLE], [TEMPUNAVAIL] and IPV6: may be specified in upper case, lower case or mixed case.
The XCLIENT server reply codes are as follows:
In the first example, the client impersonates a mail originating system by passing all SMTP session information via XCLIENT commands. Information sent by the client is shown in bold font.
220 server.example.com ESMTP Postfix EHLO client.example.com 250-server.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-XCLIENT NAME ADDR PROTO HELO 250 8BITMIME XCLIENT NAME=spike.porcupine.org ADDR=22.214.171.124 PROTO=ESMTP 250 Ok XCLIENT HELO=spike.porcupine.org 250 Ok MAIL FROM:<firstname.lastname@example.org> 250 Ok RCPT TO:<email@example.com> 250 Ok DATA 354 End data with <CR><LF>.<CR><LF> . . .message content. . . . 250 Ok: queued as 763402AAE6 QUIT 221 Bye
In the second example, the client impersonates a mail originating system by sending the XCLIENT command before the EHLO or HELO command. This increases the realism of impersonation, but requires that the client knows ahead of time what XCLIENT options the server supports.
220 server.example.com ESMTP Postfix XCLIENT NAME=spike.porcupine.org ADDR=126.96.36.199 250 Ok HELO spike.porcupine.org 250 server.example.com MAIL FROM:<firstname.lastname@example.org> 250 Ok RCPT TO:<email@example.com> 250 Ok DATA 354 End data with <CR><LF>.<CR><LF> . . .message content. . . . 250 Ok: queued as CF1E52AAE7 QUIT 221 Bye
The XCLIENT command changes audit trails and/or SMTP client access permissions. Use of this command must be restricted to authorized SMTP clients. However, the XCLIENT command should not override its own access control mechanism.
SMTP connection caching
XCLIENT attributes persist until the end of an SMTP session. If one session is used to deliver mail on behalf of different SMTP clients, the XCLIENT attributes need to be reset as appropriate before each MAIL FROM command.