On Tue, 2003-05-20 at 16:41, Tony Earnshaw wrote:
> man, 19.05.2003 kl. 15.09 skrev Nigel Metheringham:
>
> > Sender verification is now done by callback - although this is done in
> > such a way that callback process failures will not block senders.
>
> What's the point of the above, then? My ears pricked up at it, since I'm
> one of those using a dialup connection direct from my Exim 4.20 server
> to exim.org, send whatever's in the queue (an automatic 'exim -qff' on
> connection with my ISP), wait for SA-Exim to collect whatever my ISP
> kicks at port 25, then switch off. I'm possibly (not very likely) off
> the air when exim.org has done its callback (my MX record is that of my
> ISP's mail store). If the point isn't to blacklist my own Exim server,
> why do you do it at all?
It picks up a lot of the attempted spam injections which are using
sender addresses which don't check out. Yesterday blocked around a
hundred injects that look pretty bogus (a couple were open relay
testers). We also blocked a few virus injection attempts.
It doesn't prevent forged injections using a valid sender address, but
it does at least raise the bar.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
