Should the per-domain callout cache records be consulted for recipient
verification when use_sender is true? I suspect that they should not be
consulted, but in fact they are consulted.
For example: my server has "require verify=sender/callout", and someone tries
to email me from <someaddress@???>. coscon.co.uk's mail servers are
RFC-ignorant, and reject the null sender; therefore, all sender verification
for that domain will fail, and a callout cache record is written (as I
understand it) stating that verification for "coscon.co.uk" fails for all
local parts.
My server also has "require verify=recipient/callout,use_sender". When
someone now tries to send email *to* <someotheraddress@???> (or
indeed to the same "someaddress"), verification seems to fail, using the
cached callout record. However if the callout had actually been attempted, it
probably would not have failed, because the sender address was non-null
(therefore coscon's servers would accept the MAIL FROM command, etc).
My server's behaviour, the 4.62 source code (as far as I understand it), and
the spec, all seem to agree that this is what happens, but it doesn't seem
like a Good Thing. Is it a bug?
--
Dave Evans
Power Internet
PGP key:
http://powernet.co.uk/~davide/pgpkey