OK. I read through the section on authentication and spam admin.
I had a couple problems with the examples, as it was not clear why in some cases authentication was required and others not.
These are the default contents (ignoring 'extra' rules at end):
EXTENSIONS=AUTH,DSN,8BITMIME
RELAY accept 127.0.0.1
RELAY accept .foo.com
RELAY Log_Reject ALL
So AUTH is NOT required for mail that:
Orginiates from localhost
Orginiates from hosts who's IP addresses resolve to host.foo.com
These hosts can send mail FROM: anything as they are not authenticated.
All other IP addresses MUST successfully SMTP AUTH.
Once they do, they also can send mail FROM: anything.
I note that on page 218 that you should ADD the line:
AUTH_SUCCESS Accept ALL
Even though it seems that this is a default? Or is that only becuase of the previous line in the example:
AUTH_SUCCESS Header .pwd.scalix.com
That once you start doing AUTH_SUCCESS processing, it overrides the defaul, thus requiring the Accept ALL line?
So my user in domain bar.org, how is not on a host from domain foo.com will be asked to AUTH. Once AUTHed he can send any mail he wishes.