On 8/21/19 8:47 AM, Selmeci Tamás wrote: > On Wed, 21 Aug 2019 08:19:24 +0200 Martijn van Duren > <opensm...@list.imperialat.at> wrote: > >> From smtpd.conf(5): >> >> auth-optional [<authtable>] >> Support SMTPAUTH optionally: clients need not >> authenticate, but may do so. This allows a listen on >> directive to both accept incoming mail from untrusted >> senders and permit outgoing mail from authenticated >> users >> (using match auth). It can be used in situations where >> it is not possible to listen on a separate port (usually >> the submission port, 587) for users to authenticate. > > Sounds good, but unauthenticated relaying still works with this... > auth-optional [<authtable>] ...snip... (using match auth) ...snip...
match options action name If at least one mail envelope matches the options of one match action directive, receive the incoming message, put a copy into each matching envelope, and atomically save the envelopes to the mail spool for later processing by the respective dispatcher name. ...snip... [!] auth Matches transactions which have been authenticated.