On 28/Feb/12 13:05, Arnt Gulbrandsen wrote:
3. We'll restrict From and the smtp sender addresses to ones
explicitly connected to the SASL/Submit user.
IMHO, forcing the login ID to match any world-readable outgoing header
field is not a tremendous security improvement. Most MUAs allow to
configure From: with whatever (unverified) address.