Re: [exim] Sender callouts

Pàgina inicial
Delete this message
Reply to this message
Autor: Ian FREISLICH
Data:  
A: Fred Viles
CC: exim-users
Assumpte: Re: [exim] Sender callouts
"Fred Viles" wrote:
> On 8 Apr 2005 at 11:58, Fred Viles wrote about
>     "Re: [exim] Sender callouts ":

>
> | On 8 Apr 2005 at 12:29, Ian FREISLICH wrote about
> |     "Re: [exim] Sender callouts ":
> | 
> | | Wakko Warner wrote:
> | | > Ian FREISLICH wrote:
> | | > > So you essentially land up connecting to the remote server and go
> | | > > MAIL FROM:<$sender_addres>
> | | > > RCPT TO:<$sender_addres>
> | |...
> | | > Won't go over too well if the sender's server uses SPF.  It's
> | | > also poss ible the site won't accept the sender if it's a local
> | | > domain and not authenticated.
> | |
> | | Hmm, I hadn't thought of that.  I haven't seen it fail that way
> | | yet.
> |
> | It would fail for messages from my domain.

>
> But it doesn't, apparently. I see no evidence of a failed callout
> in my log when I send you (Ian) a test message. I must be missing
> something. (rereads...)
>
> Ah! You do the use_sender callout only if the normal callout doesn't
> work. That's why my message got through.


You would have to mail me on my home address (ian@???)
with sender that would fail the first test to see the second test
take effect. I'm not about to roll out a test to some 300 mail
servers without extensive testing.

> Still, ISTM it doesn't make sense to try use_sender as a fallback (as
> opposed to use_postmaster) since it is entirely reasonable for sites
> to block spoofed local sender addresses.


    use_postmaster


    This parameter applies to recipient callouts only. For example:
..................................^^^^^^^^^^^^^^^^^^^^^^^
      deny  !verify = recipient/callout=use_postmaster


    It causes a non-empty postmaster address to be used in the MAIL
    command when performing the callout. The local part of the address
    is postmaster and the domain is the contents of $qualify_domain.


Either way exim requires a patch. Either way it allows you to do
some foot shooting, besides exim is so flexible, if used incorrectly
allows some severe foot shooting. On that case alone, I'd argue
for both use_postmaster and use_sender to be allowed in sender
callouts. The latter, because if you allow use_postmaster, you can
set the postmaster address, so you don't really gain anything by
denying use_sender.

Ian

--
Ian Freislich