On 8/21/19 8:47 AM, Selmeci Tamás wrote:
> On Wed, 21 Aug 2019 08:19:24 +0200 Martijn van Duren
> <[email protected]> wrote:
>
>> From smtpd.conf(5):
>>
>> auth-optional [<authtable>]
>> Support SMTPAUTH optionally: clients need not
>> authenticate, but may do so. This allows a listen on
>> directive to both accept incoming mail from untrusted
>> senders and permit outgoing mail from authenticated
>> users
>> (using match auth). It can be used in situations where
>> it is not possible to listen on a separate port (usually
>> the submission port, 587) for users to authenticate.
>
> Sounds good, but unauthenticated relaying still works with this...
>
auth-optional [<authtable>]
...snip...
(using match auth)
...snip...
match options action name
If at least one mail envelope matches the options of one match
action directive, receive the incoming message, put a copy into
each matching envelope, and atomically save the envelopes to the
mail spool for later processing by the respective dispatcher
name.
...snip...
[!] auth
Matches transactions which have been authenticated.
