I have sendmail running with SMTP Auth. I want my users to receive emails without any problems, but I want to restrict them from sending emails using their account on my server. The reason is that all emails that are being sent from within our network to the outside world are being sent using one email account, regardless of who sent it.

I want to prevent a situation where a spammer somehow gets the password of one of my users and use that to send spam, which has happened in the past.

But this is not all. Sometimes a user needs to access webmail, which is on my server also, (e.g. when travelling) and then he needs to be able to send emails also. So, I want to have a solution where I can easily switch on/off the ability for a user to send emails without affecting his ability to receive emails.

Can this be easily done with sendmail? Or can it be done at all?

I'm a bit confused with the sendmail configuration file, so I'm hoping for a solution that doesn't require a change in the sendmail configuration file.
However, if I need to change only one or two lines in the sendmail configuration file to get this accomplished, I don't mind doing that, as long as it doesn't get too complicated.