Hi .. Probably known already .. but definitely NOT SAFE. Issue: -------- It is possible for admins / clients and domain owners to create a mailname with a mailbox WITHOUT a password. When ignorant users do this .. spammers can take advantage of this to login to the SMTP service and use the server to spam. More worst case scenarios can be possible also i guess. So please fix this asap ! But the option to make mailnames without a password and without a mailbox WOULD BE pretty handy i guess (for redirects).