Re: [exim] BATV and sender verification.

Christopher Meadors wrote:

>> I have one user (having problems) send me emails. He's using BATV and I'm
>> using sender callout. I bounce every one of his messages because exim
>> does the callout on the envelope address. He was able to send until
>> he started doing BATV. I've read the papers on BATV and from what I
>> can see, he should be keeping track of his outgoing envelopes and they
>> should come back as valid if I do a bounce. Can somebody confirm if my
>> interpretation is correct on this.
>
> If both are implemented correctly, BATV and sender verification callouts
> should play well together.
>
> BATV signs the "MAIL FROM:" return envelope address. Callouts should
> use that address as the "RCPT TO:" with a null "MAIL FROM:<>". That
> null sender will trigger the BATV check, which should test correctly.
>
> If the callout is using the FROM: header received during the DATA phase
> with a null sender, that could cause the BATV test to fail.

When I set up BATV on my own system I was ultra-paranoid and concerned
that legitimate queries against my server to check the validity of email
addresses might be broken by it.

So what I did was to restrict emails from null senders to having only
one recipient (defer further RCPT TO's), which is almost always the
case. Then I perform the BATV check in the predata ACL. That way other
peoples callouts aren't affected by BATV checks.

Regards,
Mike