Re[3]: [Exim] Callout verification

Top Page
Delete this message
Reply to this message
Author: Andy Fletcher
Date:  
To: exim-users
Subject: Re[3]: [Exim] Callout verification
-----Original Message-----
Friday, May 7, 2004, 12:08:58 PM, you wrote:


> On Fri, 7 May 2004, Andy Fletcher wrote:


>> My knowledge of exim may show as thin here, but don't forwarded
>> addresses get verified with recipient verification - if someone sets
>> and alias to forward elsewhere, then the destination address is
>> checked?


> Only by trying to deliver the message to it. :-) There is no point in
> pre-verififying. (You are probably thinking of errors_address, but that
> is verified without callout.)


I read this in the manual:

"When an incoming address is redirected to just one child address,
verification continues with the child address, and if that fails to
verify, the original verification also fails."

Am I interpreting this wrong? If so, you win :-) If not, is my point
valid?

>> I'm still not sold on why "use_sender" is a good idea on recipient
>> callouts, but not sender.


> It it only a good idea if the hosts to which you make the callout alter
> their behaviour depending on the sender (e.g. sender A is permitted to
> mail to recipient B, but sender C is not). Otherwise, it just wastes
> resources because the caching is not so effective.


> Typically, internal hosts to which you do recipient callouts will trust
> the gateway host, so will not themselves be doing sender callout checks.


I think I've lost my argument that both are liable to the same
conditions of loops, though I still maintain the arguments against
callout "use_sender" on sender verification can be applied to
recipient checks too.

Personally, do you have a suggestion as what to do about broken
mailservers rejecting the a null MAIL TO? I know it's wrong, and I'd
love to re-educate the admins of these servers, but sometimes it's not
practical to do so... and there do seem to be a lot of servers
configured to do this, it's not just the odd isolated incident. Is
is worth considering the point at which the 5xx code is returned,
personally I would say it is - but I'm sure others disagree :-)

Any thoughts/suggestions welcome.