SMTP AUTH is an actual authentication mechanism, and requires both a username and password.Does SMTP Auth perform authentication based on username and password or just username?
Requiring just a username isn't considered authentication, and is exactly how spammers are able to take advantage of IMail's poor "Relay for local users" and "Relay for local hosts" options (because they don't need a password).
That would be very bad if it is true. Have you tried sending an E-mail without using SMTP AUTH to see if it goes through (which would indicate that SMTP AUTH isn't being used at all)?I was doing some testing and it appeared to not care if I sent an incorrect password; it only looked at the username. Has anyone else seen this?
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches both viruses and vulnerabilities in E-mail, with no annual licensing fees.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
