## Always allow the empty sender, so that we can receive bounces.
accept senders = :
- ## Ensure that the sender is routable. This is important to prevent
- ## undeliverable bounces.
- require message = Invalid sender; \
- ($sender_verify_failure; $acl_verify_message)
- verify = sender
+ ## Ensure that the sender looks valid.
+ require acl = mail_check_sender
## If this is directly from a client then hack on it for a while.
warn condition = ${if eq{$acl_c_mode}{submission}}
## And we're done.
accept
+SECTION(acl, misc)m4_dnl
+mail_check_sender:
+
+ ## See whether there's a special exception for this sender domain.
+ accept senders = ${LOOKUP_DOMAIN($sender_address_domain,
+ {KV(senders, {$value}{})},
+ {})}
+
+ ## Ensure that the sender is routable. This is important to prevent
+ ## undeliverable bounces.
+ require message = Invalid sender; \
+ ($sender_verify_failure; $acl_verify_message)
+ verify = sender
+
+ ## We're good, then.
+ accept
+
SECTION(global, acl)m4_dnl
acl_smtp_connect = connect
SECTION(acl, connect)m4_dnl
SECTION(global, acl)m4_dnl
acl_smtp_expn = expn_vrfy
acl_smtp_vrfy = expn_vrfy
-SECTION(acl)m4_dnl
+SECTION(acl, misc)m4_dnl
expn_vrfy:
accept hosts = +trusted
deny message = Suck it and see
accept hosts = +trusted
accept condition = ${if eq{$acl_c_mode}{submission}}
+ ## If all domains have disabled spam checking then don't check.
+ accept !condition = $acl_c_spam_check_domain
+
## Otherwise we should check.
deny
rcpt_spam:
+ ## If this is a virtual domain, and it says `spam-check=no', then we
+ ## shouldn't check spam. But we can't check domains at DATA time, so
+ ## instead we must track whether all recipients have disabled
+ ## checking.
+ warn !domains = ${if exists{CONF_sysconf_dir/domains.conf} \
+ {partial0-lsearch; CONF_sysconf_dir/domains.conf} \
+ {}}
+ set acl_c_spam_check_domain = true
+ warn !condition = $acl_c_spam_check_domain
+ condition = DOMKV(spam-check, {${expand:$value}}{true})
+ set acl_c_spam_check_domain = true
+
## See if we should do this check.
accept acl = skip_spam_check