### acl/30_dxld_acl_tls
#################################

# DXLD -- This ACL allows RCPT if the connection is verified by a
# client certificate, I use this when relaying for workstations.

acl_check_rcpt_dxld_tls:

  require
    verify = certificate
    control = submission
    control = dkim_disable_verify

  accept
    verify = recipient
    domains = +local_domains

  # DXLD -- Make sure I don't send undeliverable garbage.
  #
  # I have rewriting on the workstation exim so the clients domain
  # is rewritten to something sensible.
  require
    message = Sender verification failed
    verify = sender

  accept
