Re: [exim] Sender callout verification on BATV signed addres…

Top Page
Delete this message
Reply to this message
Author: David Saez Padros
Date:  
To: Dave Pooser
CC: Exim users
Subject: Re: [exim] Sender callout verification on BATV signed addresses
Hi

>> In the other hand we do callouts with a special
>> username (not <>) to avoid problems with servers rejecting bounces
>
> No matter your opinion on callouts, that is an epically bad idea. Imagine
> that you and I are both doing that, and I want to send you an email:
>
> You get an email from dave-exim@???
>     Your server replies with a callback from foo@???
> My server sees an incoming message from foo@??? to
> dave-exim@??? and responds with a callout from bar@???
>     Your server responds with a callout from foo@??? to
> bar@???....


unless you accept anything for foo@??? wihtout doing any
check (including callouts) at rcpt (and reject anything reaching
predata)

--
Best regards ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       telf    +34 902 50 29 75
----------------------------------------------------------------