+ control = submission
+ control = dkim_disable_verify
+
+ # Insist that a HELO/EHLO was accepted.
+
+ require message = nice hosts say HELO first
+ condition = ${if def:sender_helo_name}
+
+ # Insist that any other recipient address that we accept is either in one of
+ # our local domains, or is in a domain for which we explicitly allow
+ # relaying. Any other domain is rejected as being unacceptable for relaying.
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ # We also require all accepted addresses to be verifiable. This check will
+ # do local part verification for local domains, but only check the domain
+ # for remote domains. The only way to check local parts for the remote
+ # relay domains is to use a callout (add /callout), but please read the
+ # documentation about callouts before doing this.
+
+ require verify = recipient
+
+ #############################################################################
+ # There are no default checks on DNS black lists because the domains that
+ # contain these lists are changing all the time. However, here are two
+ # examples of how you can get Exim to perform a DNS black list lookup at this
+ # point. The first one denies, whereas the second just warns.
+ #
+ # deny dnslists = black.list.example
+ # message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
+ #
+ # warn dnslists = black.list.example
+ # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
+ # log_message = found in $dnslist_domain
+ #############################################################################
+
+ #############################################################################
+ # This check is commented out because it is recognized that not every
+ # sysadmin will want to do it. If you enable it, the check performs
+ # Client SMTP Authorization (csa) checks on the sending host. These checks
+ # do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
+ # an Internet draft. You can, of course, add additional conditions to this
+ # ACL statement to restrict the CSA checks to certain hosts only.
+ #
+ # require verify = csa
+ #############################################################################
+
+ #############################################################################
+ # If doing per-user content filtering then recipients with filters different
+ # to the first recipient must be deferred unless the sender talks PRDR.
+ #
+ # defer !condition = $prdr_requested
+ # condition = ${if > {0}{$recipients_count}}
+ # condition = ${if !eq {$acl_m_content_filter} \
+ # {${lookup PER_RCPT_CONTENT_FILTER}}}
+ # warn !condition = $prdr_requested
+ # condition = ${if > {0}{$recipients_count}}
+ # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
+ #############################################################################