Autor: Peter Bowyer Datum: To: Exim users mailing list Betreff: Re: [exim] sender callout mail_from change
On 31/01/07, Mike Cardwell <exim-users@???> wrote: > * on the Mon, Jan 29, 2007 at 06:40:01PM +0000, Mike Cardwell wrote:
>
> >>>> Recently, when I've re-added a 'require verify =
> >>>> sender/callout=5s,maxwait=30s,fullpostmaster,defer_ok' to my ACL, I
> >>>> noticed that some of the mails are rejected because the sender's mail
> >>>> server refuses to accept mail with <> as origination.
> >>>> Is there a way to make the MAIL FROM:<> to be replaced with some valid
> >>>> address? I was thinking about using something like MAIL
> >>>> FROM:<verifycallout@???> where verifycallout as an alias to
> >>> Yes. Add ,mailfrom=verifycallout@$domain to the verify condition.
> >> ... and watch out for loops.
> > Hi. Just for my own piece of mind, what loops could occur here? Don't
> > forget the callout cache...
>
> No one has mentioned why sender callouts without a null sender are "bad"
> yet. As far as I can see the worse that can happen is, a remote mail
> server connects to yours, and sends a "MAIL FROM" and a "RCPT TO". You
> then connect to the MX for the domain in the MAIL FROM, and do the same,
> using the value of the "RCPT TO" in the mail from of the callout. They
> then connect back to you to do a sender callout themselves. Then it
> stops due to the cache... And this would only happen in the rare
> circumstances that both servers are using sender callouts...
If your server is performing a sender callout, it's because the sender
isn't in its cache. When the reverse callout comes back, the sender is
the same and still isn't in the cache because the first callout hasn't
completed, so the loop continues.