> Just as with SMTP, security [with SMTP-submit] is optional. See > RFC 4409 for details on the protocol.
4.3. Require Authentication The MSA MUST by default issue an error response to the MAIL command if the session has not been authenticated using [SMTP-AUTH], unless it has already independently established authentication or authorization (such as being within a protected subnetwork). In other words, SMTP-submit MUST use authentication, but the authentication may be something as weak as deciding depending on the IP address. Folks, unless you are running on a network that allows unauthenticated SMTP-auth, please allow port 587 in your exit policy. Juliusz