> Let's assume that server A has postfix with authorization (Cyrus SASL).
> Server B has postfix without auth.
> User UA has an account on A (and uses smtp A).
> User UB has an account on B (and uses smtp B).
> User UB sends mail to UA. How is it possible that server A with auth
> accepted mail to UA from server B? (what login/password did server B give?)
> How does A know that it was server B sending the message to a user on server A?
> Is it possible that A (with auth) will accept any mail to its own users
> (you do not need to give login/password)??
Passively accepting forwarded/delivered mail is the general rule.
> So in what cases do we use that authentication?
> (when I try to relay mail only??)
Authentication is usually only used when _retrieving_ mail, not when
sending. Some ISPs require a retrieval attempt (which requires
authentication) just prior to sending mail as a kind of halfway
authorization to send. Most just use acls (access control lists)
based on IP address when sending mail.
Someone posting mail to a server (with or without authentication) is a
separate process/issue from mail _servers_ forwarding/exchanging mail
to/between each other.
Thus, user UA authenticates to serverA and posts mail or is denied.
ServerA decides if it can _deliver_ mail to recipient's mailbox. If
so, it places mail in recipient's mailbox. If not, it must forward
the mail to another server down the line (or refuse the request
entirely). The server it forwards to may or may not require serverA
to authenticate. This continues till the mail arrives at the server
that _can_ deliver the mail to the recipient's mailbox (serverB, in
this example, delivering mail to user UB).
This is why DNS uses MX (Mail eXchange) records to denote which mail
servers provide mail delivery to different domains. The traffic
_between_ mail servers can be viewed as routing mail in a fashion
similar to routing IP packets.
For the purposes of _sending_ mail, most ISPs and servers use acls
(based on IP address) to decide if and how to deliver/forward mail.
Authentication, if it's required, is usually restricted to the input
side, i.e., the user sending the mail is accepted/denied first thing.
Servers authenticating to each other is usually used in "special"
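The accept-or-relay decision discussed in this thread, modelled as an added example (not code from the thread or from Postfix). It assumes server A evaluates each recipient in the order of the Postfix restrictions `permit_mynetworks`, `permit_sasl_authenticated`, `reject_unauth_destination`; the domain names and IP ranges are constructed sample values.

```python
"""Model of an SMTP server's per-recipient accept/relay decision."""
import ipaddress

# Constructed sample values for "server A"; not taken from the thread.
LOCAL_DOMAINS = {"a.example"}                          # domains A delivers itself
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # IP-based ACL


def decide(client_ip, authenticated, rcpt):
    """Return (action, reason) for one RCPT TO issued by one client.

    Assumed order: permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination.
    """
    if "@" not in rcpt:
        return ("reject", "recipient has no domain part")
    domain = rcpt.rsplit("@", 1)[1].lower()
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return ("accept", "client in trusted network")
    if authenticated:
        return ("accept", "client authenticated via SASL")
    if domain in LOCAL_DOMAINS:
        # Final delivery to a local mailbox: no login is asked of the sender.
        return ("accept", "final destination is local")
    # Unknown client asking A to pass mail on to a foreign domain.
    return ("reject", "relay access denied")


def run_samples():
    """Evaluate four constructed sessions against server A."""
    sessions = [
        ("server B delivers to UA", "198.51.100.7", False, "ua@a.example"),
        ("stranger tries to relay", "203.0.113.9", False, "x@c.example"),
        ("roaming UA, logged in", "203.0.113.9", True, "ub@b.example"),
        ("LAN client, no login", "192.0.2.15", False, "ub@b.example"),
    ]
    return {name: decide(ip, auth, rcpt) for name, ip, auth, rcpt in sessions}


if __name__ == "__main__":
    for name, (action, reason) in run_samples().items():
        print(f"{name:26} {action:7} {reason}")
```
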