Re: [Exim] Callout verification

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Russell King
Date:  
À: Tim Jackson
CC: exim-users
Sujet: Re: [Exim] Callout verification
On Fri, May 07, 2004 at 11:15:10AM +0100, Tim Jackson wrote:
> Hi Andy, on Fri, 7 May 2004 11:10:46 +0100 you wrote:
>
> > But if the option to allow the user of the sender address in callouts
> > for recipient verification exists, surely this also brings the changes
> > of callout loops. I don't see an awful lot of difference between the
> > implementation of "use_sender" on recipient callout vs. sender
> > callout. Please let me know if I'm missing a vital point here :-)
>
> You're right that the possibility of callout loops still exists, and the
> methods are conceptually similar, but the key point is that recipient
> verification is typically used for front-line machines acting as gateways
> for trusted systems, not against arbitrary domains/systems (which is how
> sender verification is typically used).


I wish that were true. However, I now have evidence which points
towards sites _unconditionally_ turning on recipient verification
on their outgoing mail servers.

--
Russell King
 Linux kernel    2.6 ARM Linux   - http://www.arm.linux.org.uk/
 maintainer of:  2.6 PCMCIA      - http://pcmcia.arm.linux.org.uk/
                 2.6 Serial core