Vincenzo,
An interesting problem, and one which has no obvious answer.
The problem is that it is not possible to carry out an authentication conversation
with the sender when the mail is being processed; it is too late by then.
Unfortunately, applying SMTP AUTH to mail for local delivery, while fairly easy*, would
have the effect of preventing external senders sending mail to your domain. Senders,
including intermediate MTAs, would have to know how to authenticate.
You might try embedding PGP, or another public/private key technology, so that your
mailet can verify the signature on messages.
I think that your task might be impossible: if you can't trust the sender address, or
the SMTP sender from the Mail object, then anything else can be faked too.
d.
* Remove the domain from the servernames, so that James thinks your mail is for remote
delivery. James will then make the sender authenticate. Now replace the
RecipientIsLocal matcher with HostIs in the local delivery mailet. James will now
demand AUTH for local mail, but will deliver it locally and not try to send it any
further.
For completeness you would need to work out how to deal with mail to a non-existent
user of the domain; solving this problem is left as an exercise for the reader.
(tip: use a new processor for local delivery) ;-)
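
Added example, not part of the original message: the footnote's two changes sketched as James 2.x-style `config.xml` fragments. The domain `example.com` is a placeholder, and the `autodetect` settings and the `authRequired` handler option are assumptions about the surrounding configuration.

```xml
<!-- Fragments of a James 2.x-style config.xml; example.com is a placeholder domain. -->

<!-- 1. James block: example.com is no longer listed, so mail addressed to it is
     treated as remote. Autodetection is switched off here (assumption) so the
     host's own name is not added back automatically. -->
<servernames autodetect="false" autodetectIP="false">
  <servername>localhost</servername>
  <!-- <servername>example.com</servername>  removed -->
</servernames>

<!-- 2. SMTP handler (assumed already configured this way): with authRequired on,
     an unauthenticated client may only address local recipients, and
     example.com now counts as remote. -->
<smtpserver enabled="true">
  <handler>
    <authRequired>true</authRequired>
  </handler>
</smtpserver>

<!-- 3. transport processor: pick mail for local delivery by host name instead of
     by RecipientIsLocal, so it is stored locally rather than relayed onward. -->
<processor name="transport">
  <!-- before: <mailet match="RecipientIsLocal" class="LocalDelivery"/> -->
  <mailet match="HostIs=example.com" class="LocalDelivery"/>
</processor>
```

With this in place, unauthenticated external senders and intermediate MTAs are refused for `example.com`, which is the side effect described in the message, and mail to non-existent users of the domain is still unhandled.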