Re: [Exim] SMTP Sender-verify callouts

Top Page
Delete this message
Reply to this message
Author: Ian Eiloart
Date:  
To: Alan J. Flavell, Exim users list
Subject: Re: [Exim] SMTP Sender-verify callouts

--On Monday, August 16, 2004 4:46 pm +0100 "Alan J. Flavell"
<a.flavell@???> wrote:

>
> There are some around here who say that verifying senders by callout
> is plain wrong, and I can appreciate their point...
>
> But from a practical point of view, I have reported that selective
> application of the technique can be beneficial. You certainly can't
> just turn it on globally and expect to get good results, that's for
> sure.


I think that depends on what you mean by "good". In my experience, we
reject in the region of 20,000 spams per day from sites that respond with
an "unknown local part" error (or similar).

We get about 500 per day that reject mail from the null sender, of which
less than 1% are false positives. Now, that's still quite high, but I'm not
inclined to accept the email.

Take one scenario: A local junior school emails a parent who is working
here, but is on leave. This is not unlikely - I've seen people selling
email truancy alert systems to schools. The parent has a vacation message
established. If the school isn't accepting messages with null senders, they
won't accept the bounce. The school will continue trying to contact the
parent (as is their legal responsibility), and fail - possibly because they
need the information in the contact message.

Better that I reject the message. At least the sender has a chance of
dealing with it. Hopefully the school's system will generate and deliver
its own bounced message.

Anyway, I have a script which emails me daily with a summary of messages
rejected because the sender domain won't accept bounces, and a summary of a
subset of domains that are of interest to me (.uk and .edu tlds, for
example).

Generally, I try to deal with one or two domains a week. I email them a
standard notification, and if the correspondents are real, I copy it to
them. I've been quite successful in persuading several institutions to fix
their configurations.

Two tips: (1) only deal with the genuine correspondence - most people don't
care that you might one day reject a message from them.
          (2) most postmasters don't care about this. You have to get the
correspondent on your side.
          (3) it helps to include MTA specific information - most IMail
postmasters, for example, don't seem to understand the problem. When
informed, they're often quick to fix it. IMail has a checkbox to allow the
postmaster to reject null senders!



--
Ian Eiloart
Servers Team
Sussex University ITS