[exim] Re: bounce messages and their potential misuse

On 2006-03-30, Peter Bowyer <peter@???> wrote:

>> >> But when MTA(n) rejects a message that MTA(n-1) is trying to relay,
>> >> MTA(n-1) has to bounce it, right?
>> >
>> > MTA(n-1) shouldn't accept messages to invalid recipients in the first
>> > place. If it has no direct knowledge of valid recipients, it should do
>> > callouts.
>>
>> I understood those weren't reliable because (there may be other
>> reasons?) in many cases MTA(n) is configured not to give out that
>> information because spammers could use it.
>
> The usual use case here is a 'border' MTA receiving mail for a known
> list of domains and forwarding to inner mailbox servers. In those
> controlled circumstances, recipient callouts are just fine. They
> shouldn't be used to indiscriminate destinations - but an MTA
> shouldn't be relaying for indiscriminate destinations either.

I'm thinking of MTA(n-1) as a department's outgoinggmailhub or ISP's
smarthost. It's usually configured to accept anything from within the
IP range it's supposed to cover, and use DNS MX to pick MTA(n) for
non-local recipients.

That's the sort of situation in which I was under the impression that
MTA(n-1) would often be unable to get the recipient-verify callout
information. Have I got this wrong?