Re: [Exim] Callout verification

Hi Andy, on Fri, 7 May 2004 11:10:46 +0100 you wrote:

> But if the option to allow the user of the sender address in callouts
> for recipient verification exists, surely this also brings the changes
> of callout loops. I don't see an awful lot of difference between the
> implementation of "use_sender" on recipient callout vs. sender
> callout. Please let me know if I'm missing a vital point here :-)

You're right that the possibility of callout loops still exists, and the
methods are conceptually similar, but the key point is that recipient
verification is typically used for front-line machines acting as gateways
for trusted systems, not against arbitrary domains/systems (which is how
sender verification is typically used).

Tim