I recently get much more phishing attempts and was wondering if I misconfigured ME or if it is by design. The headers of the phishing emails are:
Received: (qmail 8053 invoked by uid 99); 13 Jun 2017 17:24:24 -0000
From: =?utf-8?name of account holder= <[local account]@[local domain]>
To: "[name of account hodler]" <[other local account]@[same local domain]>
Reply-To: =?utf-8?B?Sm9zw6kgUGVydXJlbmEgTMOzcGV6?= <email@example.com>
Although ME is set up to not allow relay unless authenticated these messages still go through!
Is there anything I can change so it wont accept messages with local accounts in the FROM header unless the user is authenticated?