a1@example.com: user1@mydomain.coma2@other.example.com: user1@mydomain.co

1. a1@example.com: user1@mydomain.com
2. a2@other.example.com: user1@mydomain.com
3. a3@example.com: a4@example.com
4. a4@example.com: user1@mydomain.com
5.  
6. a5@example.com: user2@mydomain.com
7.  
8. accept
9. authenticated = *
10. verify = sender
11. logwrite = authenticated user '$authenticated_id' sending as '$sender_address' which
12. is '$sender_address_data' or '$address_data', if error: '$sender_verify_failure'
13.  
14. authenticated user 'user1' sending as 'a5@example.com' which is '' or '', if error: ''
15.  
16. real_local:
17. driver = accept
18. domains = +local_domains
19. local_part_prefix = real-
20. check_local_user
21. transport = LOCAL_DELIVERY
22. # Set this so acl can use it
23. address_data = ${local_part}
24.  
25. acl_smtp_mail = acl_check_sender_vs_auth
26.  
27. # Ensure that the MAIL FROM: address matches what the authenticated
28. # user is, if authentiation is used
29. acl_check_sender_vs_auth:
30. accept
31. authenticated = *
32. # verify MUST be above condition to resolve $sender_address_data
33. verify = sender
34. condition = ${if eqi{$authenticated_id}{$sender_address_data}{yes}{no}}
35. endpass
36. logwrite = AUTH OK - authenticated user '$authenticated_id' sending email from '$sender_address', which belongs to '$sender_address_data'
37.  
38. deny
39. authenticated = *
40. # verify MUST be above condition to resolve $sender_address_data
41. verify = sender
42. !condition = ${if eqi{$authenticated_id}{$sender_address_data}{yes}{no}}
43. message = User '$authenticated_id' tried to send mail from '$sender_address', but that email address belongs to someone else
44. logwrite = AUTH ERROR - authenticated user '$authenticated_id' tried sending from '$sender_address', but that address belongs to '$sender_address_data'
45.  
46. accept