what do you mean at ACM time?
i can deny something at any stage by having a bad condition?
> On Fri, 19 Mar 2004, Eric Rutherford wrote:
>
> > does anyone know how to prevent this? its like spoofing but even more
> > convincing because it comes from the real server. is there a way to
> > make sure the name they are sending with is the same as the username
> > they authenticated with?
>
> The name they authenticated with can be saved in $authenticated_id (your
> config seems to do this). So you can check at ACL time:
>
> deny message "You must send as the id you authenticate with"
> authenticated = *
> condition = ${if eq
{$authenticated_id}{$sender_address_local_part}\
> {no}{yes}}
>
> This is off the top of my head, and untested.
>