This is maybe an exotic question (or maybe totally irrelevant).
Currently, we use Redmine as a project management system and Zimbra as our mail server. We want to enable users to update Redmine issues by sending an email. Redmine makes this possible by providing a Ruby script which can run on your mail server. You need to set up Zimbra such that when you forward an email to the "Redmine user" (which is the Redmine server) that it also provides a key (shared with Redmine) for security reasons. Of course, also the project and the issue number needs to be given. This is explained in : Redmine - RedmineReceivingEmails - Redmine
I still fear email spoofing though. It is still possible that people send an email to the Redmine server (through our Zimbra MTA) to spam our Redmine server. Is there a possibility to filter out emails going to a certain destination (being the "Redmine user") such that only emails are accepted from clients that are directly connected to the Zimbra MTA and those that are coming from other MTA's are discarded ?
I'm sorry if I miss the point, but I'm not an expert in these things ...
Thanks in advance !