Author: Richard.Hall Date: To: Marc Haber CC: exim-users Subject: Re: [exim] Doing recipient verification earlier in the
defaultconfig
On Tue, 25 Jul 2006, Philip Hazel wrote:
> On Mon, 24 Jul 2006, Marc Haber wrote:
>
> > I think that the same can be accomplished with the following ACL:
> > (1) Accept local SMTP
> > (2) Deny restricted characters in recipient addresses
> > (3) Accept postmaster
> > (4) Verify Sender
> > (5) Accept relay_from_hosts
> > (6) Accept authenticated
> > (7) Deny invalid recipients ("deny !verify=recipient")
> > (8) DNS Black Lists
> > (9) CSA
> > (A) Accept local domains
> > (B) Accept relay_to_domains
> > (C) Deny relay not permitted.
>
> I was waiting to see if anybody else commented on this thread, but I
> don't think anybody has.
Oh, if I only had time ...
Playing devil's advocate ... I'm sure I could find a way to make recipient
verification more expensive than DNS blacklists ;-) [Actually, it sounds
like Tony already has ;-)]
Since the original concern (IIRC) was performance, it may be worth
pointing out that DNS blacklist lookups are effectively done only once per
per connection, because of caching (and in effect even less than that
because of caching nameservers), whereas recipient verification has to
be done once per recipient.
