------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=855
Summary: Sender-callout-Verification should use VRFY not RCPT TO
Product: Exim
Version: N/A
Platform: Other
OS/Version: Windows
Status: NEW
Severity: bug
Priority: medium
Component: SMTP Authentication
AssignedTo: nigel@???
ReportedBy: bugzilla@???
CC: exim-dev@???
Excuse any mistakes I've made in filing what I believe is a 'bug report'.
Using RCPT TO instead of VRFY (as provided for by RFC) during
sender-verification-callout will cause the MTA to be black listed on
backscatter.org
http://www.backscatterer.org/index.php?target=sendercallouts
In my opinion, the Sender-Verification should use VRFY as provided for in the
RFC.
Optionally a hard-fail switch can be added to reject mail from any domain which
has disabled their VRFY feature (thus breaking RFC compliance). If an admin
does not want to allow VRFY, then we can refuse to accept their email. But we
should not be using the wrong command for our purposes.
The following is interpreted by many admins as an attempt to bypass their
attempts to disable sender-verification, and is clearly (to me) not in keeping
with the RFC which specifies VRFY for sender verification.
**********************************************************
39.34 Sender address verification reporting
When sender verification fails in an ACL, the details of the failure are given
as additional output lines before the 550 response to the relevant SMTP command
(RCPT or DATA). For example, if sender callout is in use, you might see:
MAIL FROM:<xyz@???>
250 OK
RCPT TO:<pqr@???>
550-Verification failed for <xyz@???>
550-Called: 192.168.34.43
550-Sent: RCPT TO:<xyz@???>
550-Response: 550 Unknown local part xyz in <xyz@???>
550 Sender verification failed
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
