==== Required information ====
- iRedMail version: 1.1.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Centos 5.4
- Related log if you're reporting an issue:
====

Hi,

Let me explain my scenario. Firstly, we found out that Our mail server is able to be forged by spammer when they have successfully acquired anyone of the user mailbox credentials.

Scenario 1:
1.Able to send to invalid domain(Domain is valid in whois but not created in Iredmail). User is invalid but authenticated with user mailbox which are valid and created in Iredmail.

After investigating, this was solved after adding "smtpd_sender_restrictions = reject_sender_login_mismatch , permit_sasl_authenticated , permit_mynetworks"

After that I face another issue whereby when sending out using another SMTP server, the error appears as "Sender address rejected: not logged in"

mynetworks = 192.168.10.54 /192.168.10.7, 127.0.0.0/8

The 192.168.10.54 is the Iredmail server. When I point pop and smtp to this host, I was able to send out email to the local users created in Iredmail and external such as google or yahoo. IT's OK

There are some users will need to point to another outgoing server which is 192.168.10.7. 192.168.10.7 is authenticated by the 192.168.10.54 Ldap. If sending from smtp server 192.168.10.7 to same local user. Example sending email from abc@abc.com to abc@abc.com, I am receiving "Sender address rejected: not logged in" error. ESnding to external domain such as gmail,hotmail or other domain which is not reside in the 192.168.10.54 pop server is OK.

Appreciate your advise. Thanks