Author: Marc Perkel Date: To: Renaud Allard CC: exim-users Subject: Re: [exim] Verification Question - Random
Renaud Allard wrote: > Marc Perkel wrote:
>
> ...
>
>
>>>>
>>>>
>>> I used it for sender verification, not for recipient verification. There
>>> is a continuous debate about this kind of verification when there is a
>>> massive joe job. So this is a dilemma if you wish to verify every each
>>> address, you should accept being blacklisted. I think sender
>>> verification should only be used when the mail is already a spam suspect.
>>>
>>> If you use it for recipient verification, that generally means you are
>>> an MX gateway for some domains and that they should trust you if they
>>> are renting your services. If domains you are an MX for blacklist you or
>>> make you blacklisted, they just should fix their configuration.
>>>
>>>
>>>
>>>
>> I run a front end spam filtering service. To reduce sender verification
>> I do recipient verification first. The idea being that if the recipient
>> fails then I need not verify the sender. But some of my customers will
>> accept anything so I end up doing sender verification on every message
>> for them.
>>
>> So - my original thinking as if the customer accepted any address I
>> wouldn't do sender verification for them.
>>
>> But - this random thing looks very interesting. I can see how it would
>> prevent a lot of lookups if the sender accepted random addresses. But
>> would it result in additional callouts if the sender does NOT accept
>> random addresses.
>>
>
> Actually a recipient callout costs less than accepting the whole data
> and trying to deliver it.
>
>
>> Ideally if the random call failed then Exim should remember that to and
>> not make a new random call the next time. The docs say that it remembers
>> if the random call suceded, but will it remember if it fails?
>>
>
> If it fails, I think it will still retry a random callout the next time.
>
Yes - and that may be why you got blacklisted. Because every callout to
a host that didn't accept random calls resulted in at least one failure.
But maybe if I can make the system remember the failed random callout
then I can avoid multiple failures.
Ideally the fact that random failed should also be cached.