> > >We need to enable SMTP AUTH for all of our clients -- we've found some > > >device/person (IP) on the outside of our network spoofing emails to lists > > >by the few users who are authorized list posters. > > > > However, I don't believe that will prevent people from sending mail to the > > list using forged return addresses, since SMTP AUTH only applies to > > outgoing (relayed) E-mail. > >In reply, doesn't IMail (SMTP AUTH) not allow email to be relayed unless a >password is supplied during login? If that is true -- then how could >someone forge a return address without having a password to send mail?
If you require SMTP AUTH, then users have to supply a valid E-mail address and password. However, that only applies to *relayed* mail (outgoing mail). For incoming mail (such as to a mailing list), SMTP AUTH is not required (or else you wouldn't be able to receive any mail from anyone who didn't have an account on the server). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .