I have been looking for a solution for some time to lock down the MAIL FROM for any user that authenticates using SMTP AUTH.

I would be happy for sendmail to either reject the smtp connection with "From address is not one of your addresses"

Alternatively it could simply rewrite the MAIL FROM as the auth user at localdomain, regardless of what they put in.

Is there any FEATURE or HACK to achieve this.

Currently it seems that authenticated users can easily spoof the MAIL FROM which must be wrong, particularly since they just authenticated as a specific local user. Just because they are trusted to relay does *not* mean they should be able to send from any address.

Any help appreciated.