I'm looking for a way to prevent accounts from sending email to anyone but those that are in a list of "approved" emails. The reason is to prevent confidential business information from being sent (either accidentally or intentionally) to the wrong people.

I've done a fair share of searching for a solution with limited success. Here's what I've found in the Wiki ...

RestrictPostfixRecipients
Restrict users to certain domain
Restrict sending to certain domains

The first seems like it's the reverse of what I'm looking for and it's easily spoofed by modifying the "From:" header. The other two look promising, but I need to limit on the specific email level not just the domain. In those setups email can be sent to anyone under the "somebusiness.com" domain. I'd rather limit it to a specific email address like "accounting@somebusiness.com" and all others would be rejected.

I'm kind of surprised that in today's business world there isn't an easier way to accomplish this. As far as Zimbra goes I'm thinking it would be nice to user the GAL and each accounts Address Book as the list of approved emails. This means that each account would have a read-only Address Book and only the admin could manage it.

In a perfect world my setup would be ...

domain: mycorp.com

account: president@mycorp.com
limits: no limit, can send email to anyone they like

account: secretary@mycorp.com
limits: only allowed to send emails to *@mycorp.com

account: salesman@mycorp.com
limits: can only email the company accounts and a list of approved recipients. this list would be read-only for them. in this case it would be something like ...
*@mycorp.com
contact@client1.com
contact@client2.com
...
contact@client9.com

Hopefully I've explained that clearly. I'd appreciate any feedback / suggestions.

Thanks.