[exim-dev] [Bug 855] New: Sender-callout-Verification should…

Top Page
Delete this message
Reply to this message
Author: 855
Date:  
To: exim-dev
New-Topics: [exim-dev] [Bug 855] Sender-callout-Verification should use VRFY not RCPT TO
Subject: [exim-dev] [Bug 855] New: Sender-callout-Verification should use VRFY not RCPT TO
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=855
           Summary: Sender-callout-Verification should use VRFY not RCPT TO
           Product: Exim
           Version: N/A
          Platform: Other
        OS/Version: Windows
            Status: NEW
          Severity: bug
          Priority: medium
         Component: SMTP Authentication
        AssignedTo: nigel@???
        ReportedBy: bugzilla@???
                CC: exim-dev@???



Excuse any mistakes I've made in filing what I believe is a 'bug report'.

Using RCPT TO instead of VRFY (as provided for by RFC) during
sender-verification-callout will cause the MTA to be black listed on
backscatter.org


http://www.backscatterer.org/index.php?target=sendercallouts


In my opinion, the Sender-Verification should use VRFY as provided for in the
RFC.

Optionally a hard-fail switch can be added to reject mail from any domain which
has disabled their VRFY feature (thus breaking RFC compliance). If an admin
does not want to allow VRFY, then we can refuse to accept their email. But we
should not be using the wrong command for our purposes.


The following is interpreted by many admins as an attempt to bypass their
attempts to disable sender-verification, and is clearly (to me) not in keeping
with the RFC which specifies VRFY for sender verification.

**********************************************************

39.34 Sender address verification reporting

When sender verification fails in an ACL, the details of the failure are given
as additional output lines before the 550 response to the relevant SMTP command
(RCPT or DATA). For example, if sender callout is in use, you might see:

  MAIL FROM:<xyz@???>
  250 OK
  RCPT TO:<pqr@???>
  550-Verification failed for <xyz@???>
  550-Called:   192.168.34.43
  550-Sent:     RCPT TO:<xyz@???>
  550-Response: 550 Unknown local part xyz in <xyz@???>
  550 Sender verification failed



--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email