# 39.31 with the added information that a smarthost/satellite setup
# routes all non-local e-mail to the smarthost.
.ifdef CHECK_RCPT_VERIFY_SENDER
- deny
- message = Sender verification failed
- !acl = acl_whitelist_local_deny
+ # hcoop-change: warn so that we can track down webapps sending
+ # without a valid return user, but not break the many web apps that
+ # do so. Fix.
+ warn
+ log_message = Sender verification failed
+ !acl = acl_local_deny_exceptions
!verify = sender
.endif
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
- warn
+ # hcoop-change: drop connection instead of warning
+ drop
message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
dnslists = CHECK_RCPT_IP_DNSBLS
# hcoop-change: enable TLS
MAIN_TLS_ENABLE = yes
+
+# hcoop-change: enabled sender verification
+CHECK_RCPT_VERIFY_SENDER = true
+CHECK_RCPT_IP_DNSBLS = zen.spamhaus.org
+CHECK_RCPT_REVERSE_DNS = true
+CHECK_RCPT_SPF = true