>
>>> require verify = sender/callout
>>> [...]
>>>
>>> Now if I understand this correctly, the verify sender should check
>>> that the sender is valid, at least from a delivery standpoint. So I'd
>>> imagine that if a message delivery attempt was made from a
>>> non-existant user at a fake domain that the message would get
>>> rejected, but this doesn't appear to be the case for me:
>>
>> Have you sighupped exim after having changed the configuration?
>
> Yes.
>
> Any ideas?
> --
>
> -dhan
Hmm, that should work - provided you made sure that your test domain really
doesn't have a mail server. You should use EXAMPLE.COM: a domain that is
guaranteed to be non-existant by RFC whateveritis.
You should get a temporary error when you test this:
ehlo ash
250-rinka.central.susx.ac.uk Hello ianeiloart.plus.com [212.159.124.126]
250-SIZE 10485760
250-PIPELINING
250-AUTH LOGIN
250-STARTTLS
250 HELP
mail from: ian@???
250 OK
rcpt to: iane@???
451 Sender verify callout did not complete
Note that success on a sender verify callout does not guarantee that the
user exists. Some mailers don't reject recipient addresses until the
message body is sent. I think this may be to prevent spammers collecting
valid email addresses from the server. However, I don't think spammers do
much of that.
Are you sure that the callout is going to the correct host, and not to a
local relay? I've tried your test, using a bad sender address from our
domain while snooping the network, and I haven't seen any attempt on your
part to contact our server.
--
Ian Eiloart
Servers Team
Sussex University ITS
