first, we still have 5.0.9 in production, we have a upgrade path for this year to 8.0.x, but I need to implement this on 5.0.9:

We have lot's of accounts (facebook@, socialmedia@, support@subdomainXX., etc.) which we want to restrict who can sent mails from. We got some breaches where our users used weak passwords on those accounts and spammers used our servers as mail relays.

Now, we want to restrict those accounts to be only useable for sending from our internal network.

Therefore I would like to implement restrictions like:

<Email> <Internal Lan> :OK
<Email> <The rest> :REJECT

I am not sure how to do this in postfix / zimbra, because all the sender or recipient restrictions use simple lookuptables where I can only specify either a domain, ip or an email, there seems to be no lookup which permits to say this email from this range OK, etc.

Any help appreciated,