>> As you can see this is a spammers dream, I must be missing something,
>Why is this a spammers dream? It does not allow unauthenticated hosts
>to send mail to arbitrary addresses, only to local ones.
I see this as a problem because anyone from anywhere can "pretend" to be
me, as the from address
and send to any user at any local domain without being required to
authenticate with a password
in thier mail client and the message gets delivered.
Am I missing something?
In reading
http://www.exim.org/viewvc/exim/exim-doc/doc-txt/Exim4.upgrade?revision=1.1&view=markup
**The auth_hosts option has been abolished; this functionality is now
controlled by ACLs.
**. The auth_always_advertise option has been abolished because it depended
on
auth_hosts and and host_auth_accept_relay, both of which are no more. In
its
place there is a new option called auth_advertise_hosts, whose default
value
is *, meaning "advertise AUTH to all".
Hmm, any reason "host_auth_accept_relay" option would not do what is
needed to plug the hole in SMTP ?
The next question is what ACL option does the same thing? ie; no smtp
without password?