I'm currently testing vulnerabilities in my new Zimbra installation and found that anybody can ask my smtp server to send email from my localdomain to my localdomain without using authentication.

I followed the Rejecting false "mail from" addresses tutorial in Zimbra's Wiki to only allow local network or authenticated user to send in behalf of my localdomain but with Zimbra 8.0.5 i'm unable to get it working. I'm not sure of to figure out what my localnetwork is set to in my zimbra config so I would prefer to always require authentification when sending on behalf of my localdomain.

Any ideas?