I have exim 4 on my backup MX server. I'd like to configure it so that sender callout address verification is done, but only where the domain part of the sender address is listed in local_domains or relay_to_domains i.e. the mail purports to be from a domain I manage.
I want to use this because my primary MX will reject messages which have a forged sender address at one of the local domains, which causes the secondary to send a unwanted bounce message. This also gets rejected by the primary, and the unwanted bounce sits in the mail queue on the secondary for eternity (or until it expires)/
I already have recipient callout verification working.