I would like to re-frame my Subject: "SMTP Authenticated user is able to impersonate anyone in rcpthosts".
You could re-frame it even more. Authenticated SMTP users can use any FROM address and submit mail for any host.
Some clients may have multiple from addresses going through a single authenticated session. Limiting them to the address they authenticated as may be too strict. Including it in the Received header is probably a more useful option.
-- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/