On Fri, Feb 13, 2004 at 05:08:28PM -0000, Ian Toogood wrote:
> I know this is an old thread, but I'm having the same problem with MX's that
> reject MAIL FROM: <> being blocked
>
> Was there anything resolved regarding this issue - the callout verification
> stops a LOT of spam, and I am unwilling to turn it off
>
> Maintaining a whitelist is time consuming and not practical - our users are
> getting very upset when legit mail is stopped because of this
>
> The idea below is similar to the solution I am looking for - how can I
> incorporate this?
>
> >My idea would be to _first_ try "MAIL FROM:<>", and only if that was
> >rejected try other values. Any site not accepting "MAIL FROM:<>" isn't
> >very likely to be doing callbacks. Also, It has actually occured to me
> >that the best value to use in the "MAIL FROM" (if <> is rejected) is the
> >same address that you are trying to verify. It is VERY unlikely that a
> >site will reject "MAIL FROM:<>", do callbacks, *AND* do callbacks on its
> >OWN addresses.
For that matter, I was reading on the greylisting site that postfix
allows to do callbacks from postmaster@ instead of <>
While this is dangerous because of loops, it would be reasonably safe to
have callbacks from <>, and if they fail, try again from postmaster
The one question is, do you only switch to postmaster if mail from: <>
is refused, or also if the rcpt to is refused?
Most sites that reject null do reject it after mail from, but a few of
them seem to wait rcpt to time (moron + moron = double moron).
Doing a second callback because rcpt to failed doesn't sound as safe,
and probably isn't really needed to take care of all cases anyway.
Last time I discussed this with Philip, he didn't seemed overjoyed with
the idea (his words weren't "over my dead body" :) but did convey the
fact that he had little sympathy for the broken remote sites and wasn't
overjoyed with doing a double callback in his code just to deal with them)
I personally haven't had to deploy exim in a place where I couldn't
deploy it without callbacks otherwise, but I might soon have to and will
probably code up the above if no one beats me to it.
(don't let that statement stop you from doing it yourself though, due to
how my job is, it may not happen before a while)
Either way, I've seen enough demand for a double callback setup due to
the amount of broken sites and how some exim shops have to accept mail
from them anyway, that it will get coded up and spread, even if it only
ever remains a patch
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
