Author: Tor Slettnes
Date:
To: Andrew - Supernews
CC: exim-users
Subject: Re: [Exim] Delay 220 greeting to reduce spam?

On Jun 2, 2004, at 13:33, Andrew - Supernews wrote:
>>>>>> "Tor" == Tor Slettnes <tor@???> writes:
>
> Tor> Exim's default timeout for callout checks is 30s; see section
> Tor> 38.22 in spec.txt.
>
> I'm aware of that. As far as I'm concerned it's a bug.

Well, the callout verification timeout should not be so large that the
original sender will timeout waiting for the response to a "MAIL FROM:"
(or "RCPT TO:") command. The original receiving host will want to
ensure that _it_ determines whether the message delivery should be
accepted, based on what it knows (i.e. can discover in a reasonable
amount of time) or does not know about the validity of the sender.

One example: I am a backup MX for someone else; I verify "RCPT TO:" by
doing a recipient callout against the primary MX. I expect the primary
MX to be reasonably responsive when it is up, and thus use "defer_ok"
to accept the recipient if I cannot verify it in 30 seconds (typically
indicating that the machine is down).

> Callout is a somewhat borderline tactic in any event (certain large
> mail services, superficially an attractive target for callout
> verification due to frequent forgeries, _will_ block you if they catch
> you doing it). We use it only as a way of informing people that they
> are blocking us (turning it on for those specific domains means that
> they get to see their own rejection message in our response).

Neat.

I agree that doing callout verification is dubious by itself. So is
SPF. However, when you combine the two, two wrongs could actually make
a semi-right.

By doing callout verification, you ensure that the sender address
actually exists.

By doing SPF validation, you ensure that a valid address is allowed to
send you mail from a particular host.
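
The setup discussed in this message, written out as an Exim 4 ACL fragment. This is an added example, not part of the original post and not Exim's shipped configuration. It assumes an Exim build with SPF support; the domain name is a placeholder, and using defer_ok on the sender callout is a choice made for this illustration.

```exim
# Added example (not from the original message).
# primary.example.org is a placeholder for the domain we act as backup MX for.
domainlist relay_to_domains = primary.example.org

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # SPF: refuse mail when the sender domain's published policy says the
  # connecting host is not allowed to send for that domain.
  deny    message = SPF check failed: $spf_smtp_comment
          spf     = fail

  # Sender callout: confirm that the envelope sender address exists.
  # The 30s value is written out explicitly so the bound is visible; it
  # has to stay well below the time the sending host is willing to wait
  # for our RCPT response. defer_ok (an assumption here) treats a callout
  # that cannot be completed as verified instead of deferring the mail.
  require message = Sender address could not be verified
          verify  = sender/callout=30s,defer_ok

  # Backup MX case: check the recipient with a callout to the primary MX.
  # A definite rejection from the primary makes this statement fail, so
  # control falls through to the final deny. With defer_ok, no answer
  # within 30 seconds (typically the primary is down) counts as verified,
  # so the message is accepted and queued for later delivery.
  accept  domains = +relay_to_domains
          verify  = recipient/callout=30s,defer_ok

  deny    message = relay not permitted
```

Without defer_ok, a callout that times out produces a temporary (4xx) response to the sending host rather than an accept, which is what a backup MX is there to avoid when the primary is down.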