I'm having a hard time determining if this is expected behavior or if we have something misconfigured in SM. For SMTP in we have Allow Relay set to Nobody and Enabled domain's SMTP auth enabled. If I telnet directly to the alternate SMTP port of our server I get the standard greeting:
250-[servername] Hello [ip]
250-AUTH LOGIN CRAM-MD5
If I do a MAIL FROM command and specify a domain that is hosted by SM I get:
550 Authentication is required for relay
But if I specify any other random, made up email address I am allowed to go on to specify the RCPT, DATA, etc and SM will accept the message. Checking the logs the majority of them seem to get trapped by the spam checks and deleted, but I am wondering why it accepted the message in the first place? Shouldn't SM reject any message from any unauthenticated user? Seems strange that it would accept it and jump through all the hoops of spam checks when it shouldn't have to so I'm inclined to think I'm missing something somewhere. Thanks.