First, thanks for your reply.
On Sat, 2007-06-23 at 12:39 +0200, Magnus Holmgren wrote:
> The expansion variables $acl_verify_message and $sender_verify_failure
> exist. It's possible that they may be of some use.
I've tried reading $acl_verify_message both in the same warn
clause as the "verify=sender/callout" and in a followup
warn clause, but it doesn't seem to get filled in
case of a defer (or possibly, in case it is used inside
a warn clause). Am I doing something wrong here?
$sender_verify_failure on the other hand doesn't
appear to behave consistently with respect to a defer
(reading the code), for instance "recipient" is
only set on non-temporary errors (verify.c:632), but "mail" is
set for both temporary and permanent failures (verify.c:520).
Maybe that's a programming glitch though, and could
thus be fixed; it doesn't look very intentional to me...
> As an alternative approach, you can simply use the verify = sender
> condition multiple times (with or without defer_ok). The result is
> cached, so that repeated callouts are avoided. I'm not 100% sure about
> temporary callout failures however.
The thing is, I do not want to fail or defer based
on callout failures, I want to use the callout-ok information
to NOT do "reverse_host_lookup" (this works nicely) and
the callout-defer information to turn reverse_host_lookup
failures into temporary failures.
The rationale behind this is that reverse_host_lookup
is unfortunately not universally enforceable in
my scenario, there are simply too many badly configured
business mail servers out there, so I would like
to skip reverse_host_lookup whenever I can
do a callout verification.
But I need some way to handle defers as well, otherwise
this sort of whitelisting does significantly reduce
the UCE fighting effect.
> Additionally, you might want to perform the much lighter
> reverse_host_lookup check first, e.g.
>
> deny !verify = reverse_host_lookup
>      !verify = sender/callout=30s,connect=10s/no_details
>
> to reject if the reverse host lookup *and* the sender callout
> verification fails, and to defer if the latter defers.
>
> To avoid hitting too many innocent Joes, it's even recommended that you
> save sender callout verification as the last check in the DATA ACL.
It's pretty much one of the lastest (is that a word? ;-)
already...