Hi,
the acl_check_rcpt ACL in the default config has the following logic:
(1) Accept local SMTP
(2) Deny restricted characters in recipient addresses
(3) Accept postmaster
(4) Verify Sender
(5) "Recipient verification is omitted here"
(6) Accept relay_from_hosts
(7) Accept authenticated
(8) DNS Black Lists
(9) CSA
(A) Accept local domains with recipient verification
(B) Accept relay_to_domains with recipient verification
(C) Deny relay not permitted.
This means that e-mails to non-existent local addresses are passed
through all DNS Black Lists, which is possibly expensive, before
they're caught by recipient verification. The rationale given in (50)
is that clients might cope better with a bounce message instead of an
SMTP time error message.
I think that the same can be accomplished with the following ACL:
(1) Accept local SMTP
(2) Deny restricted characters in recipient addresses
(3) Accept postmaster
(4) Verify Sender
(5) Accept relay_from_hosts
(6) Accept authenticated
(7) Deny invalid recipients ("deny !verify=recipient")
(8) DNS Black Lists
(9) CSA
(A) Accept local domains
(B) Accept relay_to_domains
(C) Deny relay not permitted.
This logic is as friendly to clients that are allowed to relay (by
accepting their message before rejecting it for invalid recipient),
while keeping the DNS black list checks after recipient verification.
Am I missing something here? Or is this worth changing locally and/or
in exim's default configuration? I'd like to stay close to exim's
default, so in my current train of thoughts, Debian's packages are
most probably going to do this change only if the exim distribution
does as well.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
