I'm evaluating alternatives to our current messaging system (Domino).
A fair amount of the user base interacts with the current system via fat clients, mainly Thunderbird and Outlook. After some cases of "internal" forgery (with users sending messages with forged "MAIL FROM:" or "From:" headers) we turned on SMTP authentication.
The authentication process is carried out only if the name of the server is not registered in the DNS or the IP of the node connecting to the SMTP server is not enrolled in a list of "known" peers (mainly other MTAs).
In Domino I can tell the SMTP task to refuse every message sent in an authenticated SMTP session if the sender used as the argument of the "MAIL FROM:" command or the "From:" header (sent after "DATA" and before "Subject:") is not the one authenticated by the system for the current session.
In standard Postfix distributions I can perform a "conditional" authentication (based on IP) and check that the sender is the one that logged in (against a file db and not for the header "hidden" in the message body), but the last time I checked (to be honest, not recently) even those not very flexible implementations were only partially supported "hacks".
How does Zimbra "as a whole" implement this requirement today?
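
The policy described in the question, written out as an added example (not part of the original post, and not Domino, Postfix or Zimbra code): known peers skip authentication, everyone else must authenticate, and both the "MAIL FROM:" argument and the "From:" header must belong to the authenticated login. The function names, the peer network and the login-to-address map are hypothetical, and the known-peer test is assumed to be IP-only.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed sample data: "known" peer MTAs and the addresses each login owns.
TRUSTED_PEERS = [ipaddress.ip_network("192.0.2.0/28")]
LOGIN_ADDRESSES = {"alice": {"alice@example.org", "sales@example.org"}}


def is_trusted_peer(client_ip):
    """True when the client is a known MTA that may relay without AUTH."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_PEERS)


def check_submission(client_ip, login, mail_from, raw_message):
    """Return (accepted, reason) for one SMTP transaction."""
    if is_trusted_peer(client_ip):
        return True, "trusted peer, no sender check"
    if login is None:
        return False, "authentication required"
    allowed = LOGIN_ADDRESSES.get(login, set())
    # Envelope check: the MAIL FROM argument must belong to the login.
    if mail_from.strip("<>").lower() not in allowed:
        return False, "MAIL FROM not owned by authenticated user"
    # Header check: a missing or repeated From: header is refused, because
    # clients differ in which copy they display to the recipient.
    msg = message_from_string(raw_message)
    from_values = msg.get_all("From", [])
    if len(from_values) != 1:
        return False, "message must carry exactly one From: header"
    mailboxes = [addr.lower() for _, addr in getaddresses(from_values) if addr]
    if not mailboxes or any(a not in allowed for a in mailboxes):
        return False, "From: header not owned by authenticated user"
    return True, "sender matches authenticated user"
```
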