The thing is, it's not asking for a username or password. Here's an SMTP session, edited to remove actual domain names and IP addresses:
SMTP< 220 mail.mydomain.com ESMTP Exim 3.36 #1 Fri, 31 Oct 2003 09:29:28 -0800
SMTP> HELO my.local.domain
SMTP< 250 mail.mydomain.com Hello my.local.domain [XX.XX.XX.XX]
SMTP> MAIL FROM: <
[email protected]>
SMTP< 250 <
[email protected]> is syntactically correct
SMTP> RCPT TO: <
[email protected]>
SMTP< 250 <
[email protected]> is syntactically correct
SMTP> DATA
SMTP< 354 Enter message, ending with "." on a line by itself
SMTP> . (EOM)
SMTP< 250 OK id=1AFd5X-000499-00
SMTP> QUIT
SMTP< 221 mail.mydomain.com closing connection
I did receive the email that was sent this way. Neither the mail from nor the rcpt to domains are on the server.
When I tried to send the mail through a different (non-DA) server, I got the expected relaying denied message.