Author: Jeremy Harris Date: To: exim-users @ exim. org Subject: Re: [exim] Re: bounce messages and their potential misuse
Peter Bowyer wrote: > On 30/03/06, Adam Funk <adam00f@???> wrote:
>>I'm thinking of MTA(n-1) as a department's outgoinggmailhub or ISP's
>>smarthost. It's usually configured to accept anything from within the
>>IP range it's supposed to cover,
That part it what it shouldn't do. By all means reject anything not
from that trusted IP range, but also do recipient verify callout
and reject anything that fails.
>> and use DNS MX to pick MTA(n) for
>>non-local recipients.
>>
>>That's the sort of situation in which I was under the impression that
>>MTA(n-1) would often be unable to get the recipient-verify callout
>>information. Have I got this wrong?
I don't see why "unable". Could you expand?
> You're right, it wouldn't use callouts.
I disagree. It should.
> But instead, it has a closed
> community of known senders for whom it relays, and it can safely
> assume that none of them is forging its sender address -
No. First, users fat-finger addresses. Give them a reject, not
a bounce. Second, they may pick up a virus despite all supposed
precautions, which gaily sends spam with faked senders, through
the department smarthost. Give them a reject too.
> so if it gets
> a rejection on a relayed message, it can return it to the sender
> knowing that the sender address is genuine.
>
> Peter