The authenticated relayed example does NOT actually required authentication to relay.
The docs suggest a similar setup that is INSECURE.
This is a major issue, people will implement their system incorrectly. It will look like it works as using wrong login/password will correctly reject, but using no auth at all will incorrectly accept incoming mail.
This can be fixed for example by checking session.authenticated in handle_RCPT or handle_DATA.
The authenticated relayed example does NOT actually required authentication to relay.
The docs suggest a similar setup that is INSECURE.
This is a major issue, people will implement their system incorrectly. It will look like it works as using wrong login/password will correctly reject, but using no auth at all will incorrectly accept incoming mail.
This can be fixed for example by checking
session.authenticatedinhandle_RCPTorhandle_DATA.