From what I see Chris wants any authentication to succeed, not a
proper authentication, since those users are not local users in the
usual sense.
First I would say that, contrary to what Chris stated, most ISP do
not use auth, as it is a configuration nightmare (mostly with win
based garb.).
Second, why do you want to use auth, since you are not using it... I
would instead not advertise AUTH, so that, if you are lucky, the
clients will *not* attempt to authenticate.
If you really want to use AUTH, it should be no problem to write the
required authenticators and have them always succeed, that will solve
any configuration problem even with the worst MUA. Just remember to
protect this by not just allowing authenticated clients that are not
in the local network (forwarded or not!).
And, I see from Terry email that there is no limit to the fantasy of
those damn SpamAssassin users in the naming of their headers... [I
want regex in headers_remove!]
Giuliano