On Tue, Apr 12, 2005 at 09:58:01AM +0100, David Woodhouse wrote:
> > Is it even a good idea to do this? BATV seems like the simplest, and
> > least Anti-social way of guaranteeing that a message is a legitimate bounce,
> > but Surely if this was the case it would already have much wider acceptance?
> > What Are the the reasons not to use it?
>
> For a start it means your rempte users _MUST_ use SMTP AUTH to go
> through your servers (or perhaps generate their own BATV tags, but going
> through your servers is easier.
>
> It means that occasionally a broken and dangerous autoresponder which
> replies with a non-bounce message xor to the From: header address
> instead of the reverse-path will fail to get its important message
> through.
So this reminds me of a problem we've already seen between your mail
server and mine:
If one refuses bounces to their header from address, this breaks exim
callbacks to the header from (I do callbacks to both env and header from
since I don't want to accept mail I can't reply to)
So, is the new conscensus that I should stop doing callbacks on header
froms or that people should refuse bounces to their header from address
at DATA and not RCPT TO?
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
