Hi I have a (formerly?) clean installation of ISPConfig 2.9 on Debian 8 upgraded to 3.1 on 9.9 How do I prevent web users (php scripts) from spoofing email "from" addresses? I want to limit web users to send only email "originating" from their domains, now they are able to use sendmail with any "from" address. I don't want to disable sendmail for users as I feel it is too restrictive and easily circumventable. I have already configured something like this for SMTP sending using reject_sender_login_mismatch.
