## Always allow the empty sender, so that we can receive bounces.
accept senders = :
- ## Ensure that the sender is routable. This is important to prevent
- ## undeliverable bounces.
- require message = Invalid sender; \
- ($sender_verify_failure; $acl_verify_message)
- verify = sender
+ ## Ensure that the sender looks valid.
+ require acl = mail_check_sender
## If this is directly from a client then hack on it for a while.
warn condition = ${if eq{$acl_c_mode}{submission}}
## And we're done.
accept
+SECTION(acl, misc)m4_dnl
+mail_check_sender:
+
+ ## See whether there's a special exception for this sender domain.
+ accept senders = ${LOOKUP_DOMAIN($sender_address_domain,
+ {KV(senders, {$value}{})},
+ {})}
+
+ ## Ensure that the sender is routable. This is important to prevent
+ ## undeliverable bounces.
+ require message = Invalid sender; \
+ ($sender_verify_failure; $acl_verify_message)
+ verify = sender
+
+ ## We're good, then.
+ accept
+
SECTION(global, acl)m4_dnl
acl_smtp_connect = connect
SECTION(acl, connect)m4_dnl