Re: [Exim] sender callout failing

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDavid Saez at <-
MNico Erfurth at ->
Delete this message
Reply to this message
Author: Exim Users Mailing List
Date:  
To: David Saez
CC: Exim Users Mailing List
Subject: Re: [Exim] sender callout failing
[[ BTW, Please honour my reply-to header. If you don't want multiple
copies then please use your own reply-to header as appropriate. ]]

[ On Sunday, March 30, 2003 at 11:06:32 (+0200), David Saez wrote: ]
> Subject: Re: [Exim] sender callout failing
>
> > Forget the address(es) in the "From:" header! Forget all the headers!
> > SMTP servers should not ever examine the addresses in the RFC-[2]822
> > headers in the _body_ of the message!
> > It's fine to validate the SMTP envelope sender address, but that's all.
>
> that's your opinion, i'm doing all sort of checks to the headers without
> any trouble. any postmaster has his own policy, mine includes checking
> headers.

This isn't a matter of my opinion -- this is one of the original strict
rules about the SMTP protocol that's never really been disputed by
anyone who has a good understanding of SMTP.

If you think you're not having or going to have any trouble with active
sender address validation then I really must say that you cannot
possibly understand fully what you're doing. The consequences are many,
varied, and deep. You will cause problems for yourself and others who
try to communicate with your users even though nothing may be "wrong"
with their mailers, not even in the slightest.

> > A server that refuses to accept bounces will not ever accept return mail
> > for any _sender_ address!
>
> I know, i tried to persuade some of this postamasters to fix they
> servers, but i never get an answer from them. I do not want to accept
> mail from that kind of servers and a envelope sender callout will
> refuse any mail from them. But I do not want to refuse mails
> comming from other well configured servers that have a From: line
> which fails a callout verification. Think i.e. on mailing lists.

Since you really should not be looking at the From: line in the first
place.....

Mailing lists are far from the only things you'll have problems with.


> I agree, but i'm mainly talking about using callout on header addresses.

Please DO NOT EVER do active address verification on any addresses from
the body of the message (including the RFC-[2]822 headers).

There are almost infinitely less "dangerous" and more effective ways of
dealing with spam than trying to do what you claim to be doing. Heck
even using the bl.spamcop.net DNS blacklist is probably less "dangerous".

Philip really should never have made this kind of thing possible in exim
without serious hacking being necessary on the part of the ill-informed
users who think they want to do it. 

--
                                Greg A. Woods


+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[Exim] Like in the good old times ... (sendmail exploit)Re: [Exim] sender callout failing->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)