dnl
dnl проверка адресов хостов отправителя на принадлежность к relay_from_hosts,
dnl если в MAIL FROM или RCPT TO указан внутренний домен
dnl NO		- не проводить проверку
dnl WARN	- вывода в лог файл предупреждения
dnl REJECT	- возврата клиенту кода 5xx
dnl define(`confCHECK_FAKE_INTERNAL', `WARN')dnl
dnl список доменов и отдельных адресов, счиющихся внутренними, указан в файле domains-internal
dnl
ifelse(SECTION, `MAIN', `dnl
domainlist internal_domains	= lsearch;CONFDIR/domains-internal
')dnl
ifelse(SECTION, `ACL_CHECK_RCPT', `dnl
	# Проверка хоста отправителя на принадлежность к relay_from_hosts,
	# если домен адреса отправителя является внутренним
ifdef(`confCHECK_FAKE_INTERNAL', `ifelse(confCHECK_FAKE_INTERNAL, `REJECT', `dnl
	deny	! hosts		= +relay_from_hosts
		condition	= ${lookup{$sender_address_domain} \
				    wildlsearch{CONFDIR/domains-internal}{yes}{no}}
		message		= You do not have permission to send message with \
				    $sender_address_domain domain in MAIL FROM command
	deny	! hosts		= +relay_from_hosts
		condition	= ${if or{\
				    {eq{${lookup{$sender_address}\
					wildlsearch{CONFDIR/domains-internal}{internal}{}}}\
					{internal}}\
				    {eq{${lookup{$sender_address|from}\
					wildlsearch{CONFDIR/domains-internal}{internal}{}}}\
					{internal}}\
				    }{yes}{no}}
		message		= You do not have permission to send message with \
				    $sender_address address in MAIL FROM command
')')
ifdef(`confCHECK_FAKE_INTERNAL', `ifelse(confCHECK_FAKE_INTERNAL, `WARN', `dnl
	warn	! hosts		= +relay_from_hosts
		condition	= ${lookup{$sender_address_domain} \
				    wildlsearch{CONFDIR/domains-internal}{yes}{no}}
		log_message	= internal domain $sender_address_domain in MAIL FROM command
		add_header	= X-Warn-Internal: internal domain $sender_address_domain in MAIL FROM command
	warn	! hosts		= +relay_from_hosts
		condition	= ${if or{\
				    {eq{${lookup{$sender_address}\
					wildlsearch{CONFDIR/domains-internal}{internal}{}}}\
					{internal}}\
				    {eq{${lookup{$sender_address|from}\
					wildlsearch{CONFDIR/domains-internal}{internal}{}}}\
					{internal}}\
				    }{yes}{no}}
		log_message	= internal address $sender_address in MAIL FROM command
		add_header	= X-Warn-Internal: internal address $sender_address in MAIL FROM command
')')

	# Проверка хоста отправителя на принадлежность к relay_from_hosts,
	# если домен адреса получателя является внутренним
ifdef(`confCHECK_FAKE_INTERNAL', `ifelse(confCHECK_FAKE_INTERNAL, `REJECT', `dnl
	deny	! hosts		= +relay_from_hosts
		domains		= +internal_domains
		message		= You do not have permission to send message with \
				    $domain domain in RCPT TO command
	deny	! hosts		= +relay_from_hosts
		condition	= ${lookup{$local_part@$domain}wildlsearch{CONFDIR/domains-internal}{yes}{no}}
		message		= You do not have permission to send message with \
				    $local_part@$domain address in RCPT TO command
')')
ifdef(`confCHECK_FAKE_INTERNAL', `ifelse(confCHECK_FAKE_INTERNAL, `WARN', `dnl
	warn	! hosts		= +relay_from_hosts
		domains		= +internal_domains
		log_message	= Internal domain $domain in RCPT TO command
		add_header	= X-Warn-Internal: Internal domain $domain in RCPT TO command
	warn	! hosts		= +relay_from_hosts
		condition	= ${if or{\
				    {eq{${lookup{$sender_address}\
					wildlsearch{CONFDIR/domains-internal}{internal}{}}}\
					{internal}}\
				    {eq{${lookup{$sender_address|from}\
					wildlsearch{CONFDIR/domains-internal}{internal}{}}}\
					{internal}}\
				    }{yes}{no}}
		log_message	= internal address $local_part@$domain in RCPT TO command
		add_header	= X-Warn-Internal: internal address $local_part@$domain in RCPT TO command
')')
')dnl