# Ensure a valid SRS prefixed bounce message gets accepted
 deny
    senders = :
    domains = +local_domains
    local_parts = ${if match {$local_part} {(?i)\N^SRS[01][=+-]\N} {$local_part}}
    control = caseful_local_part
    condition = ${if match{${readsocket{/tmp/srsd}{REVERSE $local_part@$domain}{5s}{\n}}}{^ERROR: .* Invalid hash at .*}}
    message = Invalid reverse path (SRS check failed on $local_part@$domain).

 warn
    control = caseful_local_part
    local_parts = ${if match {$local_part} {\N^srs[01][=+-]\N} {$local_part}}
    senders = :
    domains = +local_domains
    condition = ${if match{${readsocket{/tmp/srsd}{REVERSE $local_part@$domain}{5s}{ }}}{^SRS: Case insensitive hash match detected. Someone smashed case in the local-part. .*}}
    log_message = SRS hash smashed on the way for $local_part@$domain by case insensitive MTA.