On 23/05/16 16:00, Richard James Salts wrote: > Almost, it is > <mailto:valenzuelaelvira94...@brushfiremusic.net>valenzuelaelvira94...@brushfiremusic.net,
Assuming that the Return-Path header accurately reflects the envelope sender, then yes. While this is almost certainly the case, they are not the same. > although you can't validate the local part of the > sender except via a callout (which is frowned upon by many administrators). reject_non_fqdn_sender does not validate the domain name either, it simply checks that the envelope sender looks like a fqdn, it does not attempt to validate with a DNS lookup. To verify the sender domain against a DNS check use reject_unknown_sender_domain. I tend to recommend putting both in your restrictions (put reject_non_fqdn_sender first because it's a less expensive test). Peter
