Ok, another potentially silly question:
Is it true that when a user is added to courier's userdb, that user can always relay through the mail server using their login/password? Is there a way to
Correct, and their identity is recorded in the headers.
turn this off so that users cannot relay, regardless of their authentication, and without having to add their IP address in smtpaccess?
Delete /usr/lib/courier/libexec/courier/modules/esmtp/authstart
No more authenticated ESMTP.
pgp00000.pgp
Description: PGP signature
