On Mon, 12 May 2003, Chris Edwards wrote:
> The manual implies exim uses the actual sender address of the
> message, rather than just MAIL FROM: <>
<snip>
> However, on my system (exim4.14, solaris8) , the recipient callout simply
> does MAIL FROM: <> just like it does when verifying senders.
This is a bug in the manual. The code doesn't seem to have ever done
anything else.
> Thinking further, this is perhaps just as well. Suppose the target of the
> callout rejects the recipient perhaps because it has blacklisted the
> enevelope sender presented in MAIL FROM:
>
> Then, exim will presumably cache the fact this recipient is undeliverable
> and thus reject future valid senders without trying a new callout.
> So it would seem safer to verify recipients with MAIL FROM: <>
True. Also, what if the target host is itself using callouts to verify
the envelope sender? One wants to avoid callout cascades.
> In other words, the code seems right, the manual seems wrong.
I agree. Unfortunately, I have just "wrapped up" the 4.20 manual, and
I'm loath to unwrap it again at this late stage. I have therefore just
noted the change for the next edition, whenever that comes...
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
