All, I'd been sort of vaguely wondering for a while (others have asked, too) if it were possible to create internal-only users (who can only send to users at local domains). This feature would be helpful for temps, for instance, for whom external access is not a perk. (Problem is that POP3 creds double as SMTP AUTH creds.)
Not that this solves it completely, but I found that if you clear a user's password from the Registry, POP3D doesn't care that they have a blank password, but SMTPD will not let them AUTH (since it can't be hashed, presumably). So as long as you already require AUTH from all relaying humans (as I think you already should), with their MUA not set to send AUTH creds, they can only send local mail. And if they try to hack their MUA to AUTH, no dice. Yes, yes, yes...of course, this also means that they have no password, which means someone else could compromise their mailbox. An additional measure against this would be to set up friendly aliases that forward to unfriendly (e.g., [EMAIL PROTECTED]) actual addresses. No one would know what they're using to get their mail unless they had physical access to their MUA config (at which point they could read their messages anyway). And you also aren't really respecting their independence quite so much as it is; the type of user in question might not be getting/sending too much ultra-sensitive mail anyway. Not a big one, but could be useful. Tested on 6.06. Sandy ___| Sanford Whiteman, Chief Technologist ___| Broadleaf Systems + Support, Inc. ___| mailto:[EMAIL PROTECTED] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
