Author: Peter Bowyer
Date:
To: exim users
Subject: Re: [exim] Re: bounce messages and their potential misuse

On 30/03/06, Adam Funk <adam00f@???> wrote:
> On 2006-03-30, Peter Bowyer <peter@???> wrote:
>
> >> >> But when MTA(n) rejects a message that MTA(n-1) is trying to relay,
> >> >> MTA(n-1) has to bounce it, right?
> >> >
> >> > MTA(n-1) shouldn't accept messages to invalid recipients in the first
> >> > place. If it has no direct knowledge of valid recipients, it should do
> >> > callouts.
> >>
> >> I understood those weren't reliable because (there may be other
> >> reasons?) in many cases MTA(n) is configured not to give out that
> >> information because spammers could use it.
> >
> > The usual use case here is a 'border' MTA receiving mail for a known
> > list of domains and forwarding to inner mailbox servers. In those
> > controlled circumstances, recipient callouts are just fine. They
> > shouldn't be used to indiscriminate destinations - but an MTA
> > shouldn't be relaying for indiscriminate destinations either.
>
> I'm thinking of MTA(n-1) as a department's outgoing mailhub or ISP's
> smarthost. It's usually configured to accept anything from within the
> IP range it's supposed to cover, and use DNS MX to pick MTA(n) for
> non-local recipients.
>
> That's the sort of situation in which I was under the impression that
> MTA(n-1) would often be unable to get the recipient-verify callout
> information. Have I got this wrong?
You're right, it wouldn't use callouts. But instead, it has a closed
community of known senders for whom it relays, and it can safely
assume that none of them is forging its sender address - so if it gets
a rejection on a relayed message, it can return it to the sender
knowing that the sender address is genuine.
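
The two cases discussed in this thread, sketched as an Exim 4 RCPT ACL. This is an added example, not configuration posted by anyone in the thread; the domains, the network range and the inner host name `mailstore.internal.example` are constructed placeholders.

```exim
# Constructed placeholder values: replace with the site's own.
# relay_to_domains: the known list of domains a border MTA forwards inward.
# relay_from_hosts: the closed community of senders a smarthost relays for.
domainlist relay_to_domains = example.org : example.net
hostlist   relay_from_hosts = 127.0.0.1 : 192.0.2.0/24

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Smarthost case: mail from the closed community is accepted for any
  # destination without a callout. If the next hop later rejects it, the
  # bounce goes back to a sender address that is assumed to be genuine.
  accept  hosts    = +relay_from_hosts

  # Everyone else may only send to the known inner domains, so this host
  # never relays to indiscriminate destinations.
  deny    message  = relay not permitted
          !domains = +relay_to_domains

  # Border case: ask the inner mailbox server whether the recipient exists
  # and refuse at SMTP time if it does not, so no bounce is generated here.
  # If the callout cannot complete, the condition defers and the client
  # receives a temporary error and retries later.
  deny    message  = unknown recipient
          !verify  = recipient/callout=30s

  accept

begin routers

# The callout follows the same routing as delivery, so the inner server
# must be reachable through a router such as this one.
inner_mailstore:
  driver     = manualroute
  domains    = +relay_to_domains
  route_list = * mailstore.internal.example
  transport  = remote_smtp
```

The fragment omits the transports section and the rest of the main configuration; `remote_smtp` refers to the transport of that name in Exim's default configuration file.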