Better on comp.mail.sendmail, but several bad ideas here

FORGED:
   perfectly legal, also common on fine mail.  My machine
   introduces itself as the inside interface.  (EHLO
   inside.domain.com) Not illegal but will show up as forged.

FAIL: Watch these closely, often ok..
TEMP: can't resolve for now but you send a 550.  Use a 4xx error back.


I took the failed circumstance and added a header:

My users can filter on that into a subfolder.  But LOTS of
companies have bad reverse DNS.  Moreover, lots of PARTNERS
had that.  Bad to block.


best to send to a sendmail list.

Quoting sudog (sudog@sudog.com):
> 
> I have the following rules in my sendmail.mc:
> 
> LOCAL_RULESETS
> Scheck_eoh
> R$*              $: $&{client_resolve}
> RTEMP           $#error $@ 4.7.1 $: "550 Access denied--I can't seem to (etc)
> RFORGED         $#error $@ 4.7.1 $: "550 Access ddenied--Looks like your (etc)
> RFAIL           $#error $@ 4.7.1 $: "550 Access denied--I attempted an (etc)
> 
> I do this because it catches a huge amount of incoming spam and also 
> helpfully lets other sysadmins know that their DNS for their mailserver is 
> screwed up.
> 
> But! The above rules seem to override everything else. Doh!
> 
> What I'd like to do is have the access_db over-ride the above rules. I've 
> tried putting these rules in Local_check_relay and various other locations 
> without any success.
> 
> How do I make these rules have lesser precedence over the access_db RELAY and 
> OK values, but still higher precedence than the rest of the rulesets?
> 
> Or can I do this? :)