Re: [Exim] Re: about SMTP callback.

Author: Marc MERLIN
Date:
To: Philip Hazel
CC: James Antill, exim-users
Subject: Re: [Exim] Re: about SMTP callback.
On Sat, Dec 01, 2001 at 12:28:35PM +0000, Philip Hazel wrote:
> > I guess as with all caching the big question is how long do you cache
> > for.
>
> Exactly. I have been pondering this, and it seems to me that there is no
> obvious answer.


I concur.
This should really be a site by site decision depending on what you try to
achieve
(i.e. your personal mail server receiving a few mails a day could be
configured to cache for a short time, while a big site that receives lots of
mail could be configured to cache longer so as not to generate too many
callbacks).

Of course, we're still left with let's say 1000 subscribers to bugtraq that
do callbacks individually when they receive the mail on their home server.

Apparently the answers to that are:
1) do not do callbacks on the header from. Philip posted a patch for this:
ftp://ftp.valinux.com/pub/people/merlin/exim-3.31-woody-99.1/exim-hdrfrmcallback.diff

2) configure exim to not do callbacks when you receive mail from lists

kenny:/etc/mail/checksender# cat callback.badsendinghosts
# Mailservers listed here bypass callbacks.
# This is to bypass callbacks for broken hosts.
# You can also list mailing list servers here as the envelope from will
# always be good, and you may want to be nice and not overwhelm the header
# from by being one in many hosts to check the same Email after a post
# Do not list hostnames, if the DNS query hangs, mail will hang

# Bugtraq (doesn't do callback, but some important security posts come
# from broken header froms)
# outgoing[123].securityfocus.com search.securityfocus.com
!66.38.151.4
!66.38.151.26
!66.38.151.27
!66.38.151.6

Then, in exim.conf, something like
sender_verify_hosts_callback = !10.0.0.0/8:!*.valinux.com:/etc/mail/checksender/callback.badsendinghosts:*


3) The suggestion from James of an RBL-like DNS list of list servers that
are trusted to do SMTP callbacks and from whom we accept mail directly

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
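
The following is an added example, not part of the original message and not Exim's own code: a simplified Python model of how the sender_verify_hosts_callback value above decides whether a connecting host gets a callback. It assumes first-match-wins evaluation with the file's entries inlined where the path appears, and it takes the reverse-DNS name as a caller-supplied argument instead of looking it up; the function names are hypothetical.

```python
import fnmatch
import ipaddress

# Constructed copy of the bypass file from the post (comments trimmed).
BYPASS_FILE = """\
# Mailservers listed here bypass callbacks.
!66.38.151.4
!66.38.151.26
!66.38.151.27
!66.38.151.6
"""

# Option value from the post; the file path item is expanded from BYPASS_FILE.
OPTION = "!10.0.0.0/8:!*.valinux.com:/etc/mail/checksender/callback.badsendinghosts:*"


def expand(option, file_text):
    """Flatten the colon-separated list, inlining the file's entries in place."""
    items = []
    for item in option.split(":"):
        if item.startswith("/"):
            items += [l.strip() for l in file_text.splitlines()
                      if l.strip() and not l.lstrip().startswith("#")]
        else:
            items.append(item)
    return items


def matches(pattern, ip, hostname):
    if pattern == "*":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        # Not an IP or network: treat as a host name wildcard (needs reverse DNS in practice).
        return hostname is not None and fnmatch.fnmatch(hostname.lower(), pattern.lower())


def callback_required(ip, hostname=None, option=OPTION, file_text=BYPASS_FILE):
    """First matching item decides; a leading '!' means 'no callback for this host'."""
    for item in expand(option, file_text):
        negated = item.startswith("!")
        if matches(item.lstrip("!"), ip, hostname):
            return not negated
    return False  # nothing matched: treated as not in the list
```

Because the trailing `*` matches everything, any host not caught by an earlier `!` entry is subject to callbacks, so the order of the items matters.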