------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=823
--- Comment #2 from Jaco Kroon <jaco@???> 2009-03-20 15:55:14 ---
(In reply to comment #1)
> To solve the security problem when routing mail to dynamic addresses, I'd
> recommend to use TLS/SSL certificates instead of SMTP AUTH. You probably use
> TLS anyway. Check
I'm not that worried about the security. The issue I'm trying to address is
the one where some other mail server comes up on my dangling IP and rejects my
mail, causing my own mail server to bounce my own mail instead of just caching
it. The idea is simple: if authentication fails entirely it's a temporary
error instead of a permanent one, causing a retry again at a later stage.
> > Also, I should be able to create a router that "steals" the routing in the case
> > of verify to only check that the email address exists locally and not cause
> > SMTP callouts.
>
> Check the generic verify_* router options:
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch15.html
>
> These can also be inverted by prefixing them with "no_"
> ("no_verify_recipient"). You can then define a fall-through router that just
> accepts (and has verify_only set).
Hmm, the no_verify_recipient might be a better option, I've done the
verify_only thing and just duplicated the option there making it go to
:blackhole: instead of the actual target. Clearly not the cleanest way, but it
serves the purpose.
I do disagree with the closing of the bug though. If a transport is set up to
require authentication then that authentication should be used in the case of
callout verifies as well. I'll leave this decision up to you though, other
options imho is workarounds and does not address the real problem.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
