Re: [Exim] Wish list (I think) regarding sender verify callo…

Pàgina inicial
Delete this message
Reply to this message
Autor: Kevin P. Fleming
Data:  
A: Dave C.
CC: Alan J. Flavell, Exim users list
Assumpte: Re: [Exim] Wish list (I think) regarding sender verify callout.
Dave C. wrote:
> Well, when some of this management could be handled automatically, eg,
> 'if this server doesnt accept MAIL FROM: <>', then just dont bother
> verifing senders from that domain - yes, I could determine that by hand
> on a 500,000+ messages per day server by expending quite a bit of time
> poking through logs and doing manual checks, but why doesnt it make
> sense to have exim be capable of doing it on the fly? It could even be
> incorporated into the callback caching patch, and in this case it would
> cache to not bother trying callbacks for that particular sender
> domain...
>


OK, I'm listening :-)

>
> Perhaps it would be nice to have a callback option that would:
>
> Issue:
>
> HELO
> MAIL FROM:<>
> RCPT TO:<sender@sender_domain>
> RCPT TO:<completely-random-string-that-couldnt-possibly-exist-as-an-account-on-the-destination-server@sender_domain>
> RSET
> QUIT
>
> If MAIL FROM:<> is not accepted, accept the inbound message. then
> Cache the sender domain for no callbacks.
>


Just a thought: should it matter if there are other MX records for the
sender's domain?

> If MAIL FROM:<> is accepted, then
>
> (
>
>  If RCPT TO:<sender> is not accepted, then
>    reject/cache as appropriate

>
>  If RCPT TO:<sender> is accepted, then
>    accept/cache as appropriate

>
>  If RCPT TO:<random-crap...> is accepted, then
>    accept/cache sender domain for no callbacks

>
> )
>


I like this.

> Actually, to tell the truth, I think calbacks would be FAR more flexible
> and powerful if you added a way to determine when to do a callback
> (based on whatever ACL conditions you wanted), but then set (true/false)
> variables such as:
>
> $callback_host_rejected_connection
> $callback_host_connection_timed_out
> $callback_host_accepted_null_sender
> $callback_host_accepted_sender_as_recipient
> $callback_host_accepted_random_recipient
>
> Then these would be available for checking in the smtp_rcpt ACL, where
> one could set any conditions one wanted.


I like this too, although I can't immediately see how to implement it in
the config language. Are you suggesting that

deny senders = ...
      ! hosts = ...
      ! verify = sender/callout


would not actually do a denial, but would just set the variables listed
above? Or would we need some way to tell the callout code that we only
wanted variable results, and to not return a failure?