> T-Online clearly states in their terms and conditions that they will
> block servers who perform sender verfication towards them.
Then a different check:
deny condition = ${if or{\
{eqi{$sender_address_domain}{t-online.de}}\
.ifdef _HAVE_LOOKUP_DNSDB
{forany{${lookup dnsdb{>: defer_never,mxh=$sender_address_domain}}}\
{match{$item}{\N^mx\d+\.t-online\.de$\N}}}\
.endif
}}
condition = ${if match{${readsocket{inet:\
.ifdef _HAVE_LOOKUP_DNSDB
${reduce{${lookup dnsdb{>: defer_never,mxh=$sender_address_domain}}}\
{}{$item}}\
.else
mx00.t-online.de\
.endif
:25}{}{2s}}}{^554 IP=}}
message = We checked that $sender_address_domain blocks us. \
So we do not accept a message we cannot reply to.
# The server admin may change "deny" to "warn" and
# "message =" to "control = fakereject/"
# but few admins will want that (or notice and bother).
