Re: [Exim] sender callout failing

Top Page
Delete this message
Reply to this message
Author: David Saez
Date:  
To: Exim Users Mailing List, woods
Subject: Re: [Exim] sender callout failing
Hi !!

> > domain does not accept null envelope senders. I don't need to test that
> > condition, I only need to test if the address exists or not.
>
> Either you're testing the sender address (i.e. the return address, also
> known as the SMTP envelope sender address, a.k.a. the parameter given to
> the "MAIL" command), or you're not. This is only one sender address.


I'm testing this address and it's ok for me to do a callout verifcation
using a null envelope sender.

> Forget the address(es) in the "From:" header! Forget all the headers!
> SMTP servers should not ever examine the addresses in the RFC-[2]822
> headers in the _body_ of the message!
> It's fine to validate the SMTP envelope sender address, but that's all.


that's your opinion, i'm doing all sort of checks to the headers without
any trouble. any postmaster has his own policy, mine includes checking
headers.

> Note though that active validation of sender addresses by pretending to
> send a test message to them is very problematic and will cause
> unexpected problems and strange behaviour. You should try to restrict
> your tests to validating through the DNS alone.


I'm using sender callout verification since exim is capable of this
without any problem, now with defer_ok and timeout callout options well
used is very unlikely that you could have any problem with callout
verification.

> If all you want to do is filter spam then you can do whatever checks you
> want _after_ the SMTP transaction is complete -- i.e. do them in/through
> your local delivery agent!


well, I'm also using exiscan with spamassassin as smtp time without
any problem. Regarding spam i try to do my best to refuse it at smtp
time and cause as much trouble as possible to the sending server, my
tests show that a header address callout verification will catch about
20% of the spam, which means i could reduce the load produced by
spamassassin by rejecting that messages before they reach exiscan.
That test also caughts some virus warnings sent by some servers,
which is not a problem as modern viruses use forged email addresses,
and some mails comming from real people that have real email accounts
on servers which do not accept null envelope senders. This is a problem
that could be solved just by doing a callout verification using some
not null address.

> A server that refuses to accept bounces will not ever accept return mail
> for any _sender_ address!


I know, i tried to persuade some of this postamasters to fix they
servers, but i never get an answer from them. I do not want to accept
mail from that kind of servers and a envelope sender callout will
refuse any mail from them. But I do not want to refuse mails
comming from other well configured servers that have a From: line
which fails a callout verification. Think i.e. on mailing lists.

> The sole purpose of the SMTP envelope sender address is for sending
> return bounces. If the server responsible for a sender address refuses
> to accept bounces then that sender address is, _by_definition_, invalid!


I agree, but i'm mainly talking about using callout on header addresses.

--
Best regards ...

I know Karate, Kung Fu, and 47 other dangerous words

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david@???
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------