> 1. "I still can send mail without authenticating"
>
> Read RFC2554. SMTP AUTH is just an OFFER for the client to
> authenticate
> itself to get relaying permissions. If he already has
> relaying permissions
> (through IP-based selective relaying aka tcpserver for
> example) he wins
> nothing through the authentification.
Well, this isn't entirely true, due to a bug in Netscape. The problem with
Netscape is that, if the server advertises (via EHLO) that it supports AUTH,
then Netscape Messenger ALWAYS tries to authenticate and ALWAYS refuses to
proceed if it doesn't pass. There's no check box to tell Netscape when to
use AUTH and when not to. So, for a person with no SMTP AUTH account setup
on the server, if you upgrade qmail-smtpd with the AUTH patch, they will not
be able to send mail.
This is the problem we just went through :(
Dave
