[exim] Broken ChoiceMail

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: exim-users
Subject: [exim] Broken ChoiceMail
I received the message that is included below. It appears that the
ChoiceMail product is so advanced that it refuses mail with an empty
SMTP sender - a situation which they see no problems with.

I did respond, however their mail system also has a CRAP (Challenge
Response Authorisation Protocol) front end "to cut down spam", so I'm
afraid they are going to have to live with their own problem.

How do people manage to reproduce basic mistakes so often...

    Nigel.


-------- Forwarded Message --------
From: Nebojsa Djogo <address removed>
To: Postmaster@???
Cc: David H. Jameson <address removed>
Subject: Exim issues
Date: Wed, 2 Feb 2005 12:26:47 -0500
Hello,

I am the VP of Software Development at DigiPortal Software that makes a
product called ChoiceMail.

Some of our customers reported that they cannot send mail to certain
domains. After careful investigation I found out that Exim mail server
is performing sender verification in a very unusual way.

It seems that after receiving the RCPT TO: command - Exim is trying to
connect to the mail server of the original sender and issue MAIL FROM: /
RCPT TO: commands to verify that the mail sent to that address will
indeed be accepted by that mail server.

While that seems like an ok thing to do - the way that Exim server is
doing this verification is questionable.

During the verification process Exim sends an empty from address like
this
MAIL FROM:<>
… And is expecting the remote server to accept that email.

Our software is specifically designed not to accept mail FROM an empty
email address. Accepting mail from an empty email address should not be
allowed. The sending party must be identified.
Our software then sends back the 503 error to Exim complaining about
invalid MAIL FROM command. Exim takes this and fails the verification
process resulting in inability to send the message.

I propose that you change your verification process so that it uses a
real FROM address (it should be the actual original recipients address)
during the verification. That should fix this issue as well make your
process more reliable.

Any thoughts on this are greatly appreciated.

Thanks,

___________________________
Nebojsa Djogo
VP, Software Development
DigiPortal Software

-- 
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]