>>>>> "gascione" == gascione <george@???> writes:
gascione> # For sender domains, we do callout to verify if a sender
gascione> # exists.
gascione> deny
gascione> log_message = Sender verification with callout failed
gascione> !verify = sender/callout=5s,maxwait=30s

You'll lose legitimate mail with that - your timeouts are _MUCH_ too
short.

Better yet, turn it off entirely; it's an abusive practice, since it
relies on using other people's resources without consent. Most spam
is sent with forged sender addresses; if some spammer does a run of
50 million or so messages using senders in your domain, which is an
event which is happening to _someone_ pretty much all the time, would
your mailserver stand up to the load of 30 million or so attempts to
do either sender callout verification, C/R, or bounce messages? If
having your mailserver subjected to that kind of load doesn't appeal
to you, then DON'T CONTRIBUTE TO IT.

And no, caching the results of callouts doesn't make it OK (and nor
does it typically reduce the impact much for the victims).

--
Andrew, Supernews
http://www.supernews.com