Skip to content

allow_xclient

Since: Version 2025.10.06-5ec871ab

The functionality described in this section requires version 2025.10.06-5ec871ab of KumoMTA, or a more recent version.

Danger

Take care to apply this ONLY in an appropriate peer block, otherwise you risk a variety of security/authentication related bypasses.

When set to true, allows the connected session to use the XCLIENT ESMTP extension.

XCLIENT is used primarily in testing environments to facilitate validation of authentication checks that are based upon the IP address of the peer or the server itself.

KumoMTA supports the following XCLIENT attributes:

  • ADDR and PORT: cause the received_from metadata to change to reflect the specified address and/or port.
  • DESTADDR and DESTPORT: cause the received_via metadata to change to reflect the specified address and/or port.

None of the other XCLIENT attributes are supported at the time of writing.

After XCLIENT has been successfully negotiated, the ESMTP listener re-evaluates the parameters (especially the via and peer blocks), and triggers smtp_server_get_dynamic_parameters to ensure that all the listener configuration has been updated to match the adjusted via and from addresses.

kumo.start_esmtp_listener {
  -- Always use an appropriate `peer` block to scope XCLIENT to
  -- networks that you trust at the highest levels
  peer = {
    ['127.0.0.1'] = {
      allow_xclient = true,
    },
  },
}