Wagner, not only when FROM and TO are the same, but also when FROM and TO are different, as long as TO belongs to a local domain. Plesk will aways send messages to local domains whitout asking for credentials... Ok, I know... that's the expected behaviour, otherwise will not be able receive messages from outside. But wait. Many Qmail servers I've know do require for authentication even if you're sending messages to a local domain. And they do that for a good reason I think. What are the difference? Patches?
I'll try to elaborate with an example:
Take one of your Plesk box and do the following (with command prompt):
01: telnet YOURPLESKBOX.COM 25
02: 220 YOURPLESKBOX.COM ESMTP
03: helo
04: 250 YOURPLESKBOX.COM
05: mail from:
[email protected]
06: 250 ok
07: rcpt to:
[email protected]
08: 250 ok
09: data
10: 354 go ahead
11: subject=test
12: content
13:.
14: 250 ok 1149023436 qp 11545
15: quit
16: 221 YOURPLESKBOX.COM
17: Connection closed by foreign host.
Message is delivered without authentication. For a more realist test, you can use an e-mail client (ie. Outlook) to send messages claiming to be "
[email protected]" (or worst: claiming to be a local user - TO=FROM - bypassing SPF and other checks), and, of course, using *no* authentication at all.
You only need to specify your Plesk IP or host address as SMTP server and you're ready to inject anything into local domains, whitout being prompt for credentials.
Again: this is a expected behaviour - if you want to receive external messages - but yet, it's definitively not a common thing among many SMTP servers I've know.
Try for for yourself with other SMTP servers you know (ie: know ISP, companies and others). You *wont* be able to send messages to local domains without providing credentials. I have one Qmail server that shows that. It's IP is 200.234.205.147, and "hubner.org.br" is a local domain. Feel free to test. You'll se that even if the message is destinated to a local domain (hubner.org.br), Qmail will aways ask for authentication, returning an error message: "553 THIS SERVER IS TO BE USED WITH AUTHENTICATION (#5.7.1)" if you didn't provide one. And yes, I do receive messages from anybody in this server, it's not a close relay.
That's what I want to do with Plesk.
James: yes, I'm using authentication under Plesk "Mail" settings
UPDATE: I believe Plesk 8.0 behaviours the same.