Autor: Alan J. Flavell Data: A: Exim users list Assumpte: Re: [exim] Re: using rfc-ignorant as a whitelist!?!?!? (was: a large
number of domains fronted by Exim are refusing bounces...)
On Tue, 21 Jun 2005, John Horne wrote:
> Curious about the last statement there. The manual says
> 'use_postmaster' is for recipient callouts (callforward) only. Yet,
> surely use of rfc-ignorant.org is for sender callouts (callback)?
One should not be using non-null envelope sender addresses on this
kind of transaction to an arbitrary MTA. That risks creating mail
loops - and just imagine what happens when they decide to verify your
envelope sender address by calling _you_ out, using a non-null
envelope sender, and you then call that envelope sender out to check
it, and so on...
If the remote host repudiates a transaction that has a null envelope
sender, then it's a matter of policy what you then decide to do about
it. Giving a 5xx response to a null envelope sender seems to be a
routine with Chinese mail servers, and I happily put those into our
callouts list so that they can reject their own mail, most of which is
spam, and I'll have an RFC to throw at the tiny fraction that's bona
fide. But a few other cases, we have to accept their mail for
business reasons, even though they are violating the RFCs.
In the call-forward situation, on the other hand, the normal
arrangement is that you have some kind of relationship with the end
MTA, so you can liaise with them to avoid the kind of unpleasantness
that might arise with other, arbitrary, MTAs. As I see it, that's the
key difference between sender callouts and recipient call-forwards.
Just to make this clear: we don't use callouts on a blanket basis by
any means! But it can, currently, be a useful strategy in limited
circumstances against spam. Previous discussion of the topic applies,
I don't want to open old wounds again.
Apropos misbehaved MTAs, can someone explain the remarkable proportion
of .br MTAs which seem to respond to unknown user with a 4xx response
code? Some of that Brazilian spam gets retried for days on end, and
repeatedly tempfailed with unknown sender, before they finally give
up.