Hello list,
I've been experimenting with 'require verify = sender/callout' in
'acl_smtp_rcpt'.
Seems to work great for fake msn.com and hotmail.com senders (thank you,
microsoft).
Not so for yahoo.com, because Exim does this test (spec.txt: 37.10):
HELO <primary host name>
MAIL FROM:<>
RCPT TO:<the address to be tested>
QUIT
My own test:
telnet mx1.mail.yahoo.com 25
Trying 64.157.4.81...
Connected to mx1.mail.yahoo.com.
Escape character is '^]'.
220 YSmtp mta302.mail.yahoo.com ESMTP service ready
helo localhost
250 mta302.mail.yahoo.com
mail from:<>
250 null sender <> ok
>>> rcpt to:<qwerty73747473737@???> <<<fake
>>> 250 recipient <qwerty73747473737@???> ok <<<Argh!
data
354 go ahead
.
>>> 554 delivery error: dd This user doesn't have a yahoo.com
account (qwerty73747473737@???) - mta302.mail.yahoo.com
quit
Nice, yahoo renders callout useless. My question: Is it
unethical/spamming to expand the test (can do this myself) with empty
data only for yahoo senders? Sometimes the sender will be legit and
recieve strange mail.
Regards,
Friso Kuipers.
