[beast@system-tnt.dk: Re: [Exim] Exim 4.32 Released]

On Thu, Apr 15, 2004 at 10:02:30AM +0100, Russell King wrote:
> On Thu, Apr 15, 2004 at 09:37:39AM +0100, Philip Hazel wrote:
> > -------------------------------------------------------------------------------
> > This release fixes a serious recipient callout caching bug that was introduced
> > in 4.31. Also, I have reversed the change in 4.31 that caused Exim to use the
> > real sender when doing recipient callouts (which is where the bug was). The
> > default behaviour is now what it was in 4.30. However, there is a new option
> > to request the altered behaviour.

What kind of problems showed up?

> My point is that recipient verification should only be used for domains
> under the same administrative control.

Which kills one of the better uses. We run frontend for some
customers, so they'll get their bloody calendar, and we'll kill off a
lot of spam and malware for them.

I don't have administrative control of those Exchange servers, I don't
*want* administrative control of them. Recipient verification is my
only option to avoid having to deal with undeliverables.

So I'm very keen to hear about what problems might be associated with
doing callouts with the real sender. I'm sure I've overlooked
something, but since we're going to try the exact same envelope,
usually in a matter of seconds, I should think it's reasonably
'safe'.

(Thought: If Exim could keep that callout open, and actually try the
delivery as soon as it's accepted the message right after, that would
be insanely cool. But I know, it's just gonna stay a wet dream.)

--
Thomas
beast@???