I have a Qmail ldap setup just as i posted here http://www.howtoforge.com/qmail-openldap-on-ubuntu
In this setup i am using following restriction.
:allow,RBL="",SENDERCHECK="STRICT",AUTHREQUIRED="" ,SMTPAUTH="",AUTHPREPEND="Authenticated:",RCPTCHEC K="",SANITYCHECK="",LOGLEVEL="3",REJECTEXEC="",BLO CKRELAYPROBE="",TARPITCOUNT="50",TARPITDELAY="300" ,MAXRCPTCOUNT="50",QS_SPAMASSASSIN="on",QMAILQUEUE ="/var/qmail/bin/qmail-scanner-queue.pl"
But after all these restriction i have a problem ..
I have two users in my domain abc and xyz. If user abc is authenticated and then try to send mail from xyz there is not restriction for that..
nitin@mail:~$ telnet mailserver 25
Connected to mailserver.
Escape character is '^]'.
220 mail.domain.com ESMTP
AUTH PLAIN AG5pdGluAG5pdGlu
235 nice to meet you
mail from: email@example.com
Which can be found in logs and report the user but there is no option to restriction at our end.
So have made some changes in SENDERCHECK functionality, If we have set the SENDERCHECK="STRICT" it will definitely check that mail from address is available in your ldap database but it also check that users mail from address it equal to authenticated user id.
Who it work
1. We need to run the patch on source code and recompile the qmail.
2. Then we have to configure a new variable "AUTHDOM" in tcp.smtp .
Still to work..
It only work for Qmail Ldap setup with single domain and you are using user-id for authentication (not mail-id).
Need to modify patch to work with virtual environment.