# Begin: Prevent from spoofing, especially in O365 environments
log(1,'compare envelope-sender-domain with from-header-domain');
setheader('x-header-from','$header_from');
compare('x-header-from','substitute','.*@');
getheader('x-header-from','header_from_domain');
setheader('x-envelope-sender','$from');
compare('x-envelope-sender','substitute','.*@');
getheader('x-envelope-sender','envelope_sender_domain');
if (!compareattr('header_from_domain_raw','equal','$envelope_sender_domain_raw')) {
	log(1,'...but sender-domain in envelope and header is not identic, dropping');
	drop('554','5.7.1 Relay access denied');
}
# End: Prevent from spoofing, especially in O365 environments