> >> How do I enforce that ? > > Don't give your users login rights on your mail server. > > what about webmail ? :) > > (sendt from 127.0.0.1 to 0.0.0.0 ip will get catched by permit_mynetworks, > but not by permit_auth* unless its smtp authed) >
Webmail is fine as users anyhow need to login. I am more concerned for Outlook client users