*snip*
>
>I'm assuming that this is a message submission host - given that clients
>are *required* to authenticate.
>
>> And it should probably be clarified by the OP if this is primarily about
>> MTA-MTA 'peer' traffic exchange, or sometimes/never/always appplicable to
>> MUA MSA submission connections.
>
>When Beber said "Cause I want that people USE auth", I took that to mean
>that this is an MSA server.
>
Likewise. But an MSA server to what sort of *client* to the MSA functionality?
i.e.
- internal/sibling MX in your own load-balancing, segregated incoming/
outgoing, prioritized, or 'failover' pool, distant but approved
'relay_from_hosts'?
(might - just perhaps - justify some out-of-the-ordinary / 'extra'
checks. Probably at least exhibit 'predictable' behaviour.)
- end-user MUA's
(unpreditable, almost certain to break many of the sloppy ones, and no
certainty of improvement in security)
Either way, 'other and better means' than looking for a misplaced 'HELO'.