----- Original Message -----
From: "Toralf Lund" <toralf@???>
To: "Exim Mailing List" <exim-users@???>
Sent: Friday, July 06, 2007 9:17 AM
Subject: [exim] Sender callout verification with warning only
> We recently found that we could no longer use Exim's sender callout
> verification on our MX because people here rely on various web services
> etc. that send auto-generated messages "from" addresses with incorrect
> local parts (and identifying all of them so that exceptions could be
> made also seemed difficult.) But, then I thought that I might at least
> add a warning if the callout fails, so the check_recipient ACL now has:
>
> require verify = sender
> warn !verify = sender/callout=defer_ok
> message = X-Sender-Warning: The email setup at
> $sender_address_domain does not accept messages to $sender_address
>
> Questions:
>
> 1. Does this look correct to you? (Note that I still want to reject
> messages if the domain part is incorrect, hence the first test.)
> 2. What header would you use for this warning?
Do you realise that callouts are considered abusive in anti-spam circles and
are often used in certain forms of ddos attacks ? Some major mail servers
even BLOCK based on the number of callouts they receive from a given IP.
Something like 80% of emails are spam, so 80% of your callouts are being
directed at totally innocent machines. Challenge response methods should be
considered in the same way.
All the best
Phil
_____________________________________________
Website Hosting from only £5.00 per month.
www.medwayhosting.com - +44 (0)1634 856965
_____________________________________________
Digital & Traditional Printing, and much more
www.medwayprint.com - +44 (0)1634 281199
_____________________________________________
