On Tue, 2005-01-04 at 09:54 -0500, Marc Sherman wrote:
> Have you been using it for very long, and have you found it effective?
> Any problems you've noticed, such as receiving sites that don't like the
> munged envelope-from?
I've been using it for about 11 months now. It's close to 100% effective
in rejecting bounces to mail which I didn't actually send, and it also
allows anyone doing sender verification callouts to reject fake MAIL
FROM:<dwmw2@???>.
The only recipient I've come across which doesn't like the munged
envelope-from is an ezmlm list configured to allow only subscribers to
post. There are theoretically other cases where it matters but I haven't
come across those.
> I think I'd modify it to teergrube and add a header which Spamassassin
> would score harshly, rather than reject, for my site.
I wouldn't bother -- the interoperability problems are far more likely
to be in the other direction. You gain little by continuing to accept
_bounces_ to an address which you know didn't send mail.
> In the rpr.html version, there's a comment at the top of the config:
> # Urgh. Isn't there a better way to detect that we're in sender
> # verification?
> # -- This will apparently be fixed in Exim 4.31
>
> What was that referring to? I'll assume it was fixed, since I couldn't
> find a similar block in the routers-ses part.
Yes. Once upon a time, the $sender_address expansion variable wasn't
empty when we went through the routers for sender verification. Hence
the trick with $address_data. In the later version it's sufficient just
to use {!eq {$sender_address}{}}.
--
dwmw2
