Antonis Rizopoulos wrote, at 04/13/2009 09:55 AM:

> When I connect to my server, from different networks, to port 25 I am
> able to send emails to local users only without authenticating! It's like
> bypassing Cyrus-SASL.

No, in this particular case it is not about you being allowed to *send*
mail, it is about your users *receiving* mail addressed to them. There
is a big difference.

> I know, of course, that I cannot block access to that port and allow
> only authenticated users to send emails, because I won't receive mails
> from web sites. But I think this is a huge security issue for my mail
> server.

How so? The rest of the Internet can send messages to your users without
authenticating. Why should your users be more restricted in this case?

SMTP AUTH is about granting your users the privilege to use your server
to relay mail to *external* domains.
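
The distinction drawn in this reply can be checked against your own server. The following is an added example, not part of the original message: it probes an unauthenticated session and reports whether only local recipients are accepted. `classify_relay_policy`, `FakeServer` and the example.* addresses are constructed for illustration; a real `smtplib.SMTP` connection to your own server can be passed in place of the fake.

```python
def classify_relay_policy(smtp, local_rcpt, external_rcpt,
                          sender="probe@example.org"):
    """Probe an unauthenticated session; return (verdict, reply codes).

    `smtp` is an smtplib.SMTP-like object. No AUTH is attempted and no
    DATA is sent: the transaction is reset after the RCPT replies.
    """
    smtp.ehlo()
    mail_code, _ = smtp.mail(sender)
    if not 200 <= mail_code < 300:
        return "sender-refused", {"mail": mail_code}
    local_code, _ = smtp.rcpt(local_rcpt)
    external_code, _ = smtp.rcpt(external_rcpt)
    smtp.rset()
    codes = {"local": local_code, "external": external_code}
    if 200 <= external_code < 300:
        # Relaying to a foreign domain without AUTH: the real problem.
        return "open-relay", codes
    if 200 <= local_code < 300:
        # Inbound mail for local users accepted, relay refused: normal.
        return "expected", codes
    return "local-refused", codes


class FakeServer:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""

    def __init__(self, local_domains, relay_without_auth=False):
        self.local_domains = {d.lower() for d in local_domains}
        self.relay_without_auth = relay_without_auth

    def ehlo(self):
        return (250, b"ok")

    def mail(self, sender):
        return (250, b"2.1.0 Ok")

    def rcpt(self, addr):
        domain = addr.rsplit("@", 1)[1].lower()
        if domain in self.local_domains or self.relay_without_auth:
            return (250, b"2.1.5 Ok")
        return (554, b"5.7.1 Relay access denied")

    def rset(self):
        return (250, b"2.0.0 Ok")


if __name__ == "__main__":
    server = FakeServer({"example.com"})
    print(classify_relay_policy(server, "user@example.com", "someone@example.net"))
```
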

