Is there a way somehow to set the SMTP sending on port 25 to always require authentication?
I know only 127.0.0.1 can relay, but anybody can enter SMTP commands via telnet and in this way, of course, send emails without authentication.
Don’t you think it is a security risk?
I personally think if set correctly, it should be fine, and it is used in certain circumstances to detect issues or be notified of issues, but others may disagree, hence these are just my thoughts only, and of course, we set it so they can AUTH, and over TLS if required. Also, please remember, with TLS, if used, it first connects using port 25, then upgrades to TLS prior to any communication.
If you wish to check for open relay, which is what you're referring to, I use external tests such as http://www.mailradar.com/openrelay/, which give a good indicator and a good run of tests. You have to remember that when admins test manually, they often forget that their connecting IP may be treated differently, depending upon how they set up rules.
You can set spamdyke to require AUTH and reject if not AUTH, but please have a read about the spamdyke.conf file, and use spamdyke -help from ssh.
Also, I’m sure you’re aware, but just a reminder: to test you will need to encrypt your username and password when testing, base64 I think from memory, and you have to invoke AUTH, and STARTTLS if using TLS, but in the first instance, I would use port 25 for testing.
Also, if going to use TLS, you will need this in spamdyke.conf, so it can work with TLS:
tls-certificate-file=/var/qmail/control/servercert.pem
If you want, we tested AUTH with TLS, and I can PM you a test account we used, so you can see how it works.
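For manual AUTH testing as discussed in this thread, the following added example (not part of the original posts) builds the base64 strings for AUTH PLAIN and AUTH LOGIN and shows that anyone who captures them can decode them, so real credentials belong only on a session that has already completed STARTTLS. The account name and password are constructed placeholders.

```python
import base64


def b64(text: str) -> str:
    """Base64-encode a string the way SMTP AUTH expects it on the wire."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def auth_plain(user: str, password: str, authzid: str = "") -> str:
    """AUTH PLAIN (RFC 4616): authzid NUL authcid NUL password, base64-encoded."""
    return "AUTH PLAIN " + b64(f"{authzid}\0{user}\0{password}")


def auth_login_dialogue(user: str, password: str):
    """AUTH LOGIN exchange as (side, line) pairs; the 334 prompts are base64 too."""
    return [
        ("C", "AUTH LOGIN"),
        ("S", "334 " + b64("Username:")),
        ("C", b64(user)),
        ("S", "334 " + b64("Password:")),
        ("C", b64(password)),
    ]


def recover_from_plain(line: str):
    """Decode a captured AUTH PLAIN line back to (user, password).

    No key is involved: base64 is an encoding, so this is what any observer
    of a cleartext port 25 session can do with the captured line.
    """
    token = line.split()[-1]
    _authzid, user, password = base64.b64decode(token).decode("utf-8").split("\0")
    return user, password


if __name__ == "__main__":
    # Constructed throwaway test account, not a real one.
    user, password = "test@example.com", "Constructed-Pass-1"
    line = auth_plain(user, password)
    print(line)
    for side, text in auth_login_dialogue(user, password):
        print(f"{side}: {text}")
    print("recovered by an observer:", recover_from_plain(line))
```

Paste the generated lines into the telnet or `openssl s_client -starttls smtp` session after EHLO; use a disposable test account if the session is not encrypted.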