--
On Tue, Jul 09, 2002 at 11:39:35PM +0200, Joachim Wieland wrote:
| I think I have a wishlist item but maybe one of you knows how to solve
| this:
| So I have the problem whether or not to tell the dnslookup router to
| verify recipients since the people who are allowed to relay still
| should not be able to send mail to rcpt's with non-existent domains
| or these things.
| What do you think about it? Does anybody have another idea?
Use
require verify = recipient
in an ACL. You want to verify the recipient no matter what. That
prevents someone from trying to send mail to
<does-not-exist@???> and your RCPT ACL accepting it.
When you "require" the verification, that means if the verification
fails, reject the RCPT, otherwise check the next statement.
I think the problem you're trying to solve only occurs if you use an
"accept" command instead -- where it accepts the relay for every valid
recipient regardless of the sender.
Having the verify on the dnslookup router prevents people from trying
to send mail to non-existant domains. (at least, it prevents you from
being responsible for bouncing it)
HTH,
-D
--
What good is it for a man to gain the whole world, yet forfeit his
soul? Or what can a man give in exchange for his soul?
Mark 8:36-37
http://dman.ddts.net/~dman/
--
[ Content of type application/pgp-signature deleted ]
--
