Re: [Exim] callout suggestion

On 2/23/2004 9:18, "Tabor J. Wells" <twells@???> wrote:

> On Mon, Feb 23, 2004 at 05:00:33PM +0000,
> Philip Hazel <ph10@???> is thought to have said:
>
>> On Mon, 23 Feb 2004, Nigel Metheringham wrote:
>>
>>> One wrinkle is that recipient callouts that use the originating sender
>>> can only be cached as a sender/recipient pair, so there may be rather
>>> more callouts than you expect.
>>
>> I will look at these issues, but probably not in the immediate future.
>>
>> It occurs to me that, back in 1982, VRFY was invented... I wonder if
>> recipient callouts should be using VRFY? Hmm...
>
> I haven't seen a site have VRFY enabled on their MTA in any meaningful way
> in the better part of 10 years. They usually either have it disabled across
> the board or have it return success for any address.

Our SMTP servers are set up to give valid results for VRFY (and EXPN) for
about four specific hosts on the desks of administrators. The ACLs make
this easy...back in Exim 3 VRFY was just turned off.

I wonder whether anyone bothers to use VRFY for dictionary attacks any more.
Probably not (until sites turn it back on in large numbers).

--John