diff -Nrup exim-4.33/src/acl.c exim-4.33-folke/src/acl.c
--- exim-4.33/src/acl.c	2004-05-05 12:08:35.000000000 +0200
+++ exim-4.33-folke/src/acl.c	2004-06-04 13:42:24.000000000 +0200
@@ -35,7 +35,7 @@ follows. */
 enum { ACLC_ACL, ACLC_AUTHENTICATED, ACLC_CONDITION, ACLC_CONTROL, ACLC_DELAY,
   ACLC_DNSLISTS, ACLC_DOMAINS, ACLC_ENCRYPTED, ACLC_ENDPASS, ACLC_HOSTS,
   ACLC_LOCAL_PARTS, ACLC_LOG_MESSAGE, ACLC_LOGWRITE, ACLC_MESSAGE,
-  ACLC_RECIPIENTS, ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, ACLC_VERIFY };
+  ACLC_RECIPIENTS, ACLC_SENDER_DOMAINS, ACLC_SENDERCHECK, ACLC_SENDERS, ACLC_SET, ACLC_VERIFY };
 
 /* ACL conditions/modifiers: "delay", "control", "endpass", "message",
 "log_message", "logwrite", and "set" are modifiers that look like conditions
@@ -44,7 +44,7 @@ but always return TRUE. They are used fo
 static uschar *conditions[] = { US"acl", US"authenticated", US"condition",
   US"control", US"delay", US"dnslists", US"domains", US"encrypted",
   US"endpass", US"hosts", US"local_parts", US"log_message", US"logwrite",
-  US"message", US"recipients", US"sender_domains", US"senders", US"set",
+  US"message", US"recipients", US"sender_domains", US"sendercheck", US"senders", US"set",
   US"verify" };
 
 /* Flags to indicate for which conditions /modifiers a string expansion is done
@@ -68,6 +68,7 @@ static uschar cond_expand_at_top[] = {
   TRUE,    /* message */
   FALSE,   /* recipients */
   FALSE,   /* sender_domains */
+  FALSE,    /* sendercheck */
   FALSE,   /* senders */
   TRUE,    /* set */
   TRUE     /* verify */
@@ -366,7 +367,7 @@ while ((s = (*func)()) != NULL)
   /* For "set", we are now positioned for the data. For the others, only
   "endpass" has no data */
 
-  if (c != ACLC_ENDPASS)
+  if (c != ACLC_ENDPASS && c != ACLC_SENDERCHECK )
     {
     if (*s++ != '=')
       {
@@ -965,6 +966,32 @@ BAD_VERIFY:
 return ERROR;
 }
 
+/* This function implements the "sendercheck" condition.
+
+Returns:       OK        verification condition succeeded
+               FAIL      verification failed
+               DEFER     there was a problem verifying
+*/
+
+static int
+acl_sendercheck(void)
+{
+    int rc;
+    address_item *sender_vaddr = NULL;
+    HDEBUG(D_acl) debug_printf("----------- sendercheck ------------\n");
+    /* TODO: wenn authenticated_id in trusted_users dann OK */
+    if (!authenticated_id && Ustrlen(authenticated_id)<1){
+	HDEBUG(D_acl) debug_printf("User not authenticated\n");
+	rc = FAIL;
+    } else {
+	BOOL routed = FALSE;
+	sender_vaddr = deliver_make_addr(sender_address, TRUE);
+	rc = verify_address(sender_vaddr, NULL, vopt_senderauth, FALSE, &routed);
+    }
+    HDEBUG(D_acl) debug_printf("--------- sendercheck DONE ----------\n");
+    return rc;
+}
+
 
 
 
@@ -1282,6 +1309,10 @@ for (; cb != NULL; cb = cb->next)
     if (verb == ACL_WARN) *user_msgptr = NULL;
     break;
 
+    case ACLC_SENDERCHECK:
+    rc = acl_sendercheck();
+    break;
+
     default:
     log_write(0, LOG_MAIN|LOG_PANIC_DIE, "internal ACL error: unknown "
       "condition %d", cb->type);
diff -Nrup exim-4.33/src/macros.h exim-4.33-folke/src/macros.h
--- exim-4.33/src/macros.h	2004-05-05 12:08:36.000000000 +0200
+++ exim-4.33-folke/src/macros.h	2004-06-04 13:42:24.000000000 +0200
@@ -575,6 +575,7 @@ enum { v_none, v_sender, v_recipient, v_
 #define vopt_callout_random      0x0020   /* during callout */
 #define vopt_callout_no_cache    0x0040   /* disable callout cache */
 #define vopt_callout_recipsender 0x0080   /* use real sender to verify recip */
+#define vopt_senderauth		 0x0100
 
 /* Values for fields in callout cache records */
 
diff -Nrup exim-4.33/src/verify.c exim-4.33-folke/src/verify.c
--- exim-4.33/src/verify.c	2004-05-05 12:08:36.000000000 +0200
+++ exim-4.33-folke/src/verify.c	2004-06-04 13:42:24.000000000 +0200
@@ -745,9 +745,10 @@ BOOL allok = TRUE;
 BOOL full_info = (f == NULL)? FALSE : (debug_selector != 0);
 BOOL is_recipient = (options & vopt_is_recipient) != 0;
 BOOL expn         = (options & vopt_expn) != 0;
+BOOL senderauth   = (options & vopt_senderauth) != 0;
 
 int i;
-int yield = OK;
+int yield = senderauth ? FAIL : OK;
 int verify_type = expn? v_expn :
      address_test_mode? v_none :
           is_recipient? v_recipient : v_sender;
@@ -1025,7 +1026,7 @@ while (addr_new != NULL)
       }
 
     if (!full_info) return copy_error(vaddr, addr, FAIL);
-      else yield = FAIL;
+      else if (!senderauth) yield = FAIL;
     }
 
   /* Soft failure */
@@ -1048,8 +1049,9 @@ while (addr_new != NULL)
 
       fprintf(f, "%s\n", cr);
       }
-    if (!full_info) return copy_error(vaddr, addr, DEFER);
-      else if (yield == OK) yield = DEFER;
+    if (full_info){
+	if (yield == OK) yield = DEFER;
+    } else if (!senderauth) return copy_error(vaddr, addr, DEFER);
     }
 
   /* If we are handling EXPN, we do not want to continue to route beyond
@@ -1092,7 +1094,7 @@ while (addr_new != NULL)
     just a single new address as a special case, and continues on to verify the
     generated address. */
 
-    if (!full_info &&                    /* Stop if short info wanted AND */
+    if (!full_info && !senderauth &&     /* Stop if short info wanted AND */
          (addr_new == NULL ||            /* No new address OR */
           addr_new->next != NULL ||      /* More than one new address OR */
           testflag(addr_new, af_pfr)))   /* New address is pfr */
@@ -1106,9 +1108,26 @@ while (addr_new != NULL)
       vaddr->p.address_data = addr->p.address_data;
       return OK;
       }
+    if (senderauth && addr->transport && addr->transport->name && addr->local_part
+		&& Ustrlen(addr->local_part)>0 ){
+	HDEBUG(D_verify) debug_printf("Checking %s against %s ", 
+		    addr->local_part, authenticated_id);
+	if (Ustrcmp(addr->local_part, authenticated_id)==0){
+	    HDEBUG(D_verify) debug_printf("passed\n");
+	    return OK;
+	} else 
+	    HDEBUG(D_verify) debug_printf("NOT passed\n");
     }
+    }
+  
   }     /* Loop for generated addresses */
 
+if (senderauth){
+    HDEBUG(D_acl) debug_printf("%s is not allowed to send email as %s\n",
+		authenticated_id, address);
+    return yield;
+}
+  
 /* Display the full results of the successful routing, including any generated
 addresses. Control gets here only when full_info is set, which requires f not
 to be NULL, and this occurs only when a top-level verify is called with the
