This is an escape hatch I'm not using yet.
## Make sure that the local part is one that the authenticated sender
## is allowed to claim.
deny message = Sender address forbidden to calling user
+ !condition = \
+ ${if exists {CONF_sysconf_dir/auth-sender.conf} \
+ {${lookup {$acl_c_user} \
+ lsearch \
+ {CONF_sysconf_dir/auth-sender.conf} \
+ {${if match_address \
+ {$sender_address} \
+ {+value}}} \
+ {false}}}}
!condition = ${LOOKUP_DOMAIN($sender_address_domain,
{${if and {{match_local_part \
{$acl_c_user} \
localpartlist dom_locals = ${expand:KV(locals, {$value}{+user_extaddr})}
localpartlist user_extaddr = ^CONF_user_extaddr_regexp
addresslist user_extaddr = ^CONF_user_extaddr_regexp
+addresslist value = $value
## All of the `standard' local parts which ought to be provided by a domain.
localpartlist required = postmaster : abuse
addresslist wrong_domain = ! *@+public
addresslist wrong_address = +wrong_local : +wrong_domain
untrusted_set_sender = : \
+ ${if exists {CONF_sysconf_dir/auth-sender.conf} \
+ {${lookup {$sender_ident} \
+ lsearch {CONF_sysconf_dir/auth-sender.conf} \
+ {$value}}}} : \
${LOOKUP_DOMAIN($sender_address_domain,
{${if and {{match_local_part {$sender_ident} {+dom_users}} \
{match_local_part {$sender_address_local_part} \