RE: [Exim] Sender Verify

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Chris Meadors
Datum:  
To: exim-users
Betreff: RE: [Exim] Sender Verify
On Thu, 2004-07-01 at 11:51 -0400, David Brodbeck wrote:

> It depends on the sites you get mail from. The default timeout is 30
> seconds, which is too short. Sites that take longer than this to respond,
> for whatever reason, won't be able to send you mail. The timeout is
> configurable; 1 or 2 minutes is probably a good value. You may want to set
> up your ACL so you can put in a list of sites that you don't want to do
> callouts for, so you can whitelist any problem sites you need to get mail
> from.


You might also want to look at the "random" option. There are sites
(like yahoo.com) that accept mail for all usernames. This will minimize
the callouts to those sites, since they will always succeed.

> It's also a slightly controversial thing to do because it can consume
> resources on unrelated sites. If somebody spoofs a bunch of mail with
> example.com as the return address, suddenly example.com has to deal with
> responding to callouts for mail it never sent.


I think in most cases, there are many mails sent with the same FROM
address. So caching will take care of that. The only time this becomes
a problem is if the person spoofs a different return address for each
e-mail.

The biggest (and by biggest I mean 11 cases so far this year) problem I
have found is people running IMail who refuse mail from a null sender.
There have also been a couple cases of webforms sending out e-mail with
an e-mail address at that machine's FQN, when the machine doesn't have a
mail server. Maybe I've been lucky, but I have been able to resolve all
issues that have come up so far.

> It's undeniably a very effective anti-spam technique, though.


It stops 250,000 e-mails a day coming into my server. With as I said,
only about a dozen complaints that have been since resolved.

--
Chris