by Howdy,
If ABC.COM is my SendMail domain, can somebody please consider the following
examples to help me understand why I'm having this fairly simple
inconsistency in behaviour?
MESSAGE 1
is subject to SASL AUTH due to nothing being specified in relay-domains and
access.db. All works just as configured.
MESSAGE 2
is NOT subject to any SASL AUTH and is delivered locally to abc.com without
ANY checks whatsoever.
I want ALL messages with a source address based on ABC.COM to be subject to
SASL AUTH at ALL times even if the target is ABC.COM as well. Otherwise,
given there is no restriction on who connects to my SMTP as specified in my
access.db (as per my configuration), somebody could simply spam all my users
as much as they like from any existing or made-up local ABS.COM address as
there is no AUTH required.
Furthermore as mentioned there at the end, where the user can use <made-up
username even when message is subject to AUTH. Although I'm aware that the
bogus name wouldn't match their AUTH login details, users really should be
prevented from doing this anyway.
I would appreciate any help. Thanks in advance.