Author: Peter Bowyer Date: To: exim-users Subject: Re: [Exim] Smtp-auth for localhost?
Anand Renake <anandrenake@???> wrote: > Hi!
>
> If i am using exim 3/4 or any other MTA, is smtp-auth necessary for
> localhost also?
> Or do people keep smtp-auth for localhost itself too.
>
> If i have relaying disabled does SMTP-auth helps in any way for the
> local machine.
The same thinking applies to localhost as with any other IP or group of
IPs - if you trust anything that is running / might ever run on it to send
mail within your policies, then no need to worry. In the case of localhost,
this would imply that you trust your local security and all your users. And
remember, all auth does is ensure that the person/script sending the mail
knows a userid and a password - it doesn't mean they'll necessarily behave
responsibly.
If you have an unsafe script (eg PHP) on the local box, it will still be
unsafe if you enable auth and hard-code the id/password into the script.
> Are there any performance or speed issues if SMTP-auth is enabled
> i.e. all the clients _should_ authenticate thru various allowed
> smtp-auth mechanisms.