On Fri, May 07, 2004 at 11:15:10AM +0100, Tim Jackson wrote:
> Hi Andy, on Fri, 7 May 2004 11:10:46 +0100 you wrote:
>
> > But if the option to allow the user of the sender address in callouts
> > for recipient verification exists, surely this also brings the changes
> > of callout loops. I don't see an awful lot of difference between the
> > implementation of "use_sender" on recipient callout vs. sender
> > callout. Please let me know if I'm missing a vital point here :-)
>
> You're right that the possibility of callout loops still exists, and the
> methods are conceptually similar, but the key point is that recipient
> verification is typically used for front-line machines acting as gateways
> for trusted systems, not against arbitrary domains/systems (which is how
> sender verification is typically used).
I wish that were true. However, I now have evidence which points
towards sites _unconditionally_ turning on recipient verification
on their outgoing mail servers.
--
Russell King
Linux kernel 2.6 ARM Linux - http://www.arm.linux.org.uk/
maintainer of: 2.6 PCMCIA - http://pcmcia.arm.linux.org.uk/
2.6 Serial core