diff --git a/emailwiz.sh b/emailwiz.sh
index a85c259..273be45 100755
--- a/emailwiz.sh
+++ b/emailwiz.sh
@@ -94,6 +94,8 @@ postconf -e 'smtpd_sasl_type = dovecot'
 postconf -e 'smtpd_sasl_path = private/auth'
 
 # Sender and recipient restrictions
+postconf -e "smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre"
+postconf -e "smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_sender_login_mismatch"
 postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
 
 # NOTE: the trailing slash here, or for any directory name in the home_mailbox
@@ -106,6 +108,10 @@ postconf -e 'home_mailbox = Mail/Inbox/'
 # Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses
 postconf -e "header_checks = regexp:/etc/postfix/header_checks"
 
+# Create a login map file that ensures that if a sender wants to send a mail from a user at our local
+# domain, they must be authenticated as that user
+echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/   \${1}" > /etc/postfix/login_maps.pcre
+
 # strips "Received From:" in sent emails
 echo "/^Received:.*/     IGNORE
 /^X-Originating-IP:/    IGNORE" >> /etc/postfix/header_checks