On Tue, Dec 24, 2002 at 06:18:00PM +0000,
Tim Jackson <lists@???> is thought to have said:
> Now, I don't think it desperately matters either way, and
> I can think of some arguments for waiting until RCPT (e.g. you will be
> blocking mails that might be to postmaster), but personally I would like
> to reject at the MAIL stage, on the basis that the bounces generated by
> originating MTA's often look something like this:
Actually the biggest one I've seen is that some MTAs treat 5xx at MAIL FROM
as a temporary failure. Failing after RCPT is a lot more foolproof.
> if you do sender verification at RCPT) could be confusing:
>
> # Hello this is an MTA, blah blah failure etc.
> # ...
> # I said:
> # # RCPT TO: <validuser@someotherdomain>
> # The remote server said:
> # # 5xx something about an invalid address
>
> (The "something about an invalid address" refers to what a typical
> end-user might interpret the message as)
The message for a rcpt acl containing 'require verify = sender' results in:
550-Verification failed for <blah@???>
550-Unrouteable address
550 Sender verify failed
Seems pretty clear to me that it was the address used in MAIL FROM failed to
verify and presumably the sender will recognize their own address in the
error message.
--
--------------------------------------------------------------------
Tabor J. Wells twells@???
Fsck It! Just another victim of the ambient morality