On Wed, 2007-09-19 at 22:23, [EMAIL PROTECTED] wrote: > On Wed, 19 Sep 2007, [EMAIL PROTECTED] wrote: > > > Anyway, I think I've fixed it today. The latest plugin config file > > uses the auth plugins, those plugins upon closer inspection say not to > > use them in production. Anyway, the upshot is that any spammer can > > relay if they login, as it were. > > And any spammer can login on your system?
That's my point. From what I can gather, the install of qpsmtpd from trunk (at least from a few weeks ago) enables the authnull plugin which authenticates anyone no matter what they type. So in answer to your question, yes. I only noticed that it was relaying because of the large queue to addresses that didn't exist. > > Perhaps the trunk plugin config should have them commented out, as this > > is probably not what anyone wants. > > Most (maybe all) people who want auth want it so that those who can login > are able to relay. Most (maybe all) people who want auth want it so that not just any tom dick or harry can log in. I haven't posted this to criticise or for an argument. Only to record in the archives for anyone else that happens to notice they can be a relay, hopefully before their domain is blacklisted. John
