Don't allow domain hijack

The following configuration part is a replacement for the check_mail ruleSet. It can check whether the domains from LocalDomains within the from-addresses being offered to sendmail are coming from the IP-addresses/ranges that are defined in LocalIP. Please make sure the space in between the left-hand-side and the right-hand-side of the configuration are seperated by tabs.

F{LocalDomains} /etc/mail/LocalDomains
F{LocalIP} /etc/mail/LocalIP

Scheck_mail
# ruleset 3 makes the input into a normal e-mail address (user<@blaat.nl.>)
R$*                     $: $>3 $1

# first: get client addr
R$+                     $: $(dequote "" $&{client_addr} $) $| $1
# no client_addr, smmsp?
R0 $| $*                $: $>"check_mail2" $1
# client_addr in /etc/mail/LocalIP? then go to SLocal_check_mail
R$={LocalIP}$* $| $*    $: $1 $| $>"Local_check_mail" $1

# mail from user@domain, domain in /etc/mail/LocalDomains? Then reject, because it is not a local IP
R$*<@$={LocalDomains}.>$*        $#error $@ 5.7.1 $: "550 We don't accept junk mail from our own domains"
R$*<@$={LocalDomains}>$*         $#error $@ 5.7.1 $: "550 We don't accept junk mail from our own domains"

SLocal_check_mail
Scheck_mail2
R$*                     $: $1 $| $>"Local_check_mail" $1
R$* $| $#$*             $#$2
R$* $| $*               $@ $>"Basic_check_mail" $1

LocalDomains:

localhost
beeblebrox.example.com
foobar.example.com

LocalIP:

127.
192.168.1.2
10.12.
IPv6:::1
IPv6:2001:dead:beef: