Hi all, I recently discovered a configuration issue on my system where a system user account had a blank rather than invalid or disabled password in the passwd/shadow database.?? The user could not be logged into through login/telnet/ssh because it was marked as a system account (uid < 100).? Dovecot also would not authenticate the user for the same reason.? However, I'm using exim using dovecot_login for authentication, and that would authenticate the user with a blank and allow me to be used as an open relay. This is clearly a config issue on my part (since fixed), but should dovecot_login guard against blank passwords or system users just as a normal login does? I'm running dovecot 2.2.36 (1f10bfa63) Exim version 4.96 I don't know which software supplies the dovecot_login connenector. The SMTP session would include AUTH LOGIN 334 VXNlcm5hbWU6 cG9zdGZpeA=334 UGFzc3dvcmQ6 ???????????? <--? nothing, just a return here 235 Authentication succeeded DONE