### acls/30_local-config_check_rcpt				-*-sh-*-
#####################################

#### NOTE: If we get here the sender is remote and unauthenticated

  # Accept the recipient address if it contains our own signature.
  # This means this is a response (DSN, sender callout verification...)
  # to a message that was previously sent from here.
  # Only accept sender if it is null or matches the signature.
  accept
    domains = +local_domains
    condition = ${if and {{match{${lc:$local_part}}{^(.*)=(.*)}}\
                          {eq{${hash_8:${hmac{md5}{SECRET}{$1}}}}{$2}} }}
    senders = : ${extract{2}{=}{$local_part}}@${extract{3}{=}{$local_part}}
    logwrite = Accepted notification for ${extract{2}{=}{$local_part}}@\
                    ${extract{3}{=}{$local_part}} from <$sender_address>

  # Flag bogus notifications.
  # IMPORTANT: Don't reject here so that sender callouts to us work.
  warn
    domains = +local_domains
    senders = : 
    !condition = ${if and {{match{${lc:$local_part}}{^(.*)=(.*)}}\
                           {eq{${hash_8:${hmac{md5}{SECRET}{$1}}}}{$2}} }}
    set acl_m11 = bogus notification.

  # Deny if listed in spamhaus
  deny
    message = $sender_host_address is listed in $dnslist_domain\
	${if def:dnslist_text { ($dnslist_text)}{}}.\n\
	Please contact your ISP or system adminstrator.
    log_message = Sender host address is listed in $dnslist_domain
    !acl = acl_local_deny_exceptions
    !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
                          {CONFDIR/local_domain_dnsbl_whitelist}{}}
    !dnslists = list.dnswl.org
    dnslists = zen.spamhaus.org:bl.spamcop.net

  # Bypass additional checks for sender callouts to us
  accept
    domains = +local_domains
    senders = : postmaster

  # ---------------------------------------------------------------
  # Perform greylisting on incoming messages from remote hosts.
  # We check the local whitelist to avoid greylisting mail from
  # hosts that are expected to forward mail here (such as backup MX hosts,
  # list servers, etc).
  .ifdef GREYLIST_ENABLED
  defer 
    !verify = reverse_host_lookup
    !verify = helo
    !acl = acl_local_deny_exceptions
    !dnslists = list.dnswl.org
    acl = greylist_acl
    message = GreyListed: please try again later
  .endif

# EOF