On Sun, 10 Jun 2007, william(at)elan.net wrote: > > Sendmail does not authenticate automatically or otherwise. What it does > is to use as RFC2821 MAIL FROM account of the user that invoked it or > when "-f" option is used puts out account of the user in the trace data. > > This is not authentication, this is reporting of the user data, so its > like you connecting to open relay mail system and that system properly > puts in Received line with ip address of where you connected from and then > forward your email without checking if you're allowed to relay or not. You seem to be confusing authentication and authorization. Sendmail authenticates local senders but does not (by default) have any controls over which users are authorized to send email. The same is true for the university email system that I help run: any account that exists (can be authenticated either as a Unix user on the old timesharing service or via SASL for modern message submission) is authorized to send email. Tony. -- f.a.n.finch <dot@xxxxxxxx> http://dotat.at/ HUMBER THAMES: NORTHERLY 3 OR 4. SLIGHT. FOG PATCHES AND SHOWERS. MODERATE OR GOOD, OCCASIONALLY VERY POOR. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf