(Ooops, subject was meant to be "multi-use" not "user")
On Mon, Aug 04, 2003 at 05:03:38AM +0100, Andrew - Supernews wrote:
> # We probably don't really care about ident anymore nowadays...
> rfc1413_hosts = !*
>
> Checking ident allows you to do one useful thing, which is to reliably
> reject mail from Cacheflow proxies; we reject 50-100 connects/day for
> that reason alone. e.g.:
>
> deny condition = ${if eq{$sender_ident}{CacheFlow Server} {yes}{no}}
Ok.
Problem is that it also delays mails, and in some cases I've even had ident
on my side prevent the other side from sending me mail because of the delay
exim had in the ident.
I suppose I could put it back though and put a 10s timeout or something.
Checking for CacheFlow sure seems like a good thing.
> # But you can get a warning with this (in theory, I couldn't find it)
> helo_try_verify_hosts = !*
>
> It seems that verify = helo in an ACL only works _after_ the helo acl
> itself (if any); you have to check it in a mail or rcpt acl. Then it
> works as specified, but you don't want to reject mail based on it (for
> example, Hotmail servers helo as hotmail.com, which doesn't verify).
Absolutely. I don't reject on verify, I only check that it's not a non
qualified name (takes care of most of the bad helos without blocking people
who send mail from internal hostnames I can't resolve)
I'll put in some updates with your feedback, thanks.
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key