Dear, as per default configuration we have the mynetworks as follows: mynetworks = 127.0.0.0/8 [::1]/128 public.ip.of.the.server. In that way with a standard phpmailer library (https://github.com/PHPMailer/PHPMailer) is it possible to connect from outside, to the server of the domain and send mail to the local user of the server. That without any authention. In addiction of that, the email sent in that way doesn't go attraverso the antispam. I think that this is a pretty bad behaviour. Spammers know that trick, and use them to inoculate spam (it's pretty simple). How we can solve that problem (eg. could be a good idea empty the "mynetworks" variable? or it's there a way to force authentication also for local email?) Thank you.