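dnl Check the A record of the sender domain
dnl (nonexistent domains in the .net and .com zones may resolve to the A record 64.94.110.11)
dnl NO - do not perform the check
dnl YES - perform the check
dnl IGNORE - relates to returning a 5xx code to the client during sender callout
dnl          verification (the original wording is elliptical); in this fragment
dnl          IGNORE appends the address table to DNSLOOKUP_IGNORE_TARGET_HOSTS
dnl          in the MAIN section
dnl define(`confCHECK_MAIL_DOMAIN', `YES')dnl
dnl
dnl NOTE(review): the ACL statements at the end of this fragment are not enclosed
dnl in a confCHECK_MAIL_DOMAIN test here, so NO and YES are not seen to switch
dnl them on or off; confirm against the file that includes this fragment.
dnl
dnl access-mail-domain-a:
dnl #
dnl # http://www.imperialviolet.org/dnsfix.html
dnl #
dnl 64.94.110.11 : deny : 5.1.8 Just coz VerSign says your domain exists doesnt mean it really does.
dnl 194.205.62.122 : deny : 5.1.8 194.205.62.122 - A record for nonexistent domains from .AC and .CC zones
dnl 216.220.34.101 : deny : 5.1.8 216.220.34.101 - A record for nonexistent domains from .BZ zone
dnl 206.253.214.102 : deny : 5.1.8 206.253.214.102 - A record for nonexistent domains from .CC zone
dnl 159.226.7.162 : deny : 5.1.8 159.226.7.162 - A record for nonexistent domains from .CN zone
dnl 219.88.106.80 : deny : 5.1.8 219.88.106.80 - A record for nonexistent domains from .CX zone
dnl 202.128.12.163 : deny : 5.1.8 202.128.12.163 - A record for nonexistent domains from .MP zone
dnl 195.7.77.20 : deny : 5.1.8 195.7.77.20 - A record for nonexistent domains from .MUSEUM zone
dnl 64.55.105.9 : deny : 5.1.8 64.55.105.9 - A record for nonexistent domains from .NU zone
dnl 212.181.91.6 : deny : 5.1.8 212.181.91.6 - A record for nonexistent domains from .NU zone
dnl 203.119.4.6 : deny : 5.1.8 203.119.4.6 - A record for nonexistent domains from .PH zone
dnl 216.98.141.250 : deny : 5.1.8 216.98.141.250 - A record for nonexistent domains from .PW zone
dnl 65.125.231.178 : deny : 5.1.8 65.125.231.178 - A record for nonexistent domains from .PW zone
dnl 194.205.62.62 : deny : 5.1.8 194.205.62.62 - A record for nonexistent domains from .SH zone
dnl 146.101.245.154 : deny : 5.1.8 146.101.245.154 - A record for nonexistent domains from .TD zone
dnl 195.20.32.83 : deny : 5.1.8 195.20.32.83 - A record for nonexistent domains from .TK zone
dnl 195.20.32.86 : deny : 5.1.8 195.20.32.86 - A record for nonexistent domains from .TK zone
dnl 194.205.62.42 : deny : 5.1.8 194.205.62.42 - A record for nonexistent domains from .TM zone
dnl 203.73.24.11 : deny : 5.1.8 203.73.24.11 - A record for nonexistent domains from .TW zone
dnl 216.35.187.246 : deny : 5.1.8 216.35.187.246 - A record for nonexistent domains from .WS zone
dnl
dnl The table is a fixed snapshot of registry wildcard addresses. Entries can go
dnl stale, and an address listed here may later belong to an unrelated host, so
dnl review the table periodically to avoid rejecting legitimate senders.
dnl
dnl When confCHECK_MAIL_DOMAIN is IGNORE and SECTION is MAIN, declare the table as
dnl the hostlist bad_mail_domain_a and append it to DNSLOOKUP_IGNORE_TARGET_HOSTS.
dnl NOTE(review): the same file serves as an lsearch table in the ACL below and as
dnl a plain hostlist file here; confirm that Exim accepts the "ip : action : text"
dnl lines as hostlist items.
ifdef(`confCHECK_MAIL_DOMAIN', `ifelse(confCHECK_MAIL_DOMAIN, `IGNORE', `dnl
ifelse(SECTION, `MAIN', `dnl
hostlist bad_mail_domain_a = CONFDIR/access-mail-domain-a
define(`DNSLOOKUP_IGNORE_TARGET_HOSTS', DNSLOOKUP_IGNORE_TARGET_HOSTS` : +bad_mail_domain_a')dnl
')
')')
dnl
dnl Step 1: clear acl_m0, then for a non-empty sender domain store its A lookup
dnl result in acl_m1 and the matching table entry (if any) in acl_m0.
dnl NOTE(review): dnsdb returns several A records as one newline-separated
dnl string, which cannot equal a single-address table key, so a domain with more
dnl than one A record is presumably never matched; confirm this is acceptable.
dnl NOTE(review): a temporary DNS failure in this lookup may defer the ACL; the
dnl dnsdb defer_never modifier changes that if a soft-fail is preferred.
# Block messages where the sender domain resolves to bad IPs
warn  set acl_m0 =
      condition = ${if eq{$sender_address_domain}{}{no}{yes}}
      set acl_m1 = ${lookup dnsdb{a=$sender_address_domain}{$value}{}}
      set acl_m0 = ${lookup{$acl_m1}lsearch{CONFDIR/access-mail-domain-a}}

dnl Step 2: table entry starts with "warn" - log it and add an X-Warn-Verisign
dnl header. The optional text after "warn :" is read from acl_m0 (the table
dnl entry), as in the deny statement below. The previous version matched acl_m1
dnl (the looked-up address), which can never start with "warn", so the custom
dnl text from the table was never used.
warn  condition = ${if eq{$acl_m0}{}{no}{yes}}
      condition = ${if match{$acl_m0}{\N(?i)^\s*(warn).*$\N}{yes}{no}}
      log_message = Domain of sender $sender_address_domain has bad A record $acl_m1
      message = X-Warn-Verisign: \
                ${if match{$acl_m0}{\N(?i)^\s*(warn)\s*:\s*(.+)$\N}\
                {$2}{domain of sender $sender_address_domain has bad A record $acl_m1}}

dnl Step 3: table entry starts with "deny" or "reject" - refuse the message,
dnl answering with the text after the colon when present, else a default text.
deny  log_message = Domain of sender $sender_address_domain has bad A record $acl_m1
      condition = ${if match{$acl_m0}{\N(?i)^\s*(deny|reject).*$\N}{yes}{no}}
      message = ${if match{$acl_m0}{\N(?i)^\s*(deny|reject)\s*:\s*(.+)$\N}\
                {$2}{Domain of sender $sender_address_domain has bad A record $acl_m1}}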