[exim-dev] [Bug 855] Sender-callout-Verification should use …

Top Page
This message is part of the following thread:
M+++++++++++\the complete thread tree sorted by date
MMMMMMMMMMMMMNigel Metheringham at <-
Graeme Fowler at ->
Delete this message
Reply to this message
Author: 855
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 855] Sender-callout-Verification should use VRFY not RCPT TO
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=855

bugzilla@??? <bugzilla@???> changed: 

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugzilla@???
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |





--- Comment #3 from bugzilla@??? 2009-06-21 09:55:29 ---
Nigel,

RFC 821 requires VRFY and defines it as what we need for our purposes.
http://www.ietf.org/rfc/rfc821.txt

RFC 5321 requires VRFY and defines it as what we need for our purposes.
http://www.ietf.org/rfc/rfc5321.txt


>Comment #2 From Nigel Metheringham 2009-06-21 08:47:50 [reply] -------
>
>VRFY tests only for the apparent existence of an address (plus many sites block
it).
>
>A FROM <>/RCPT TO pair tests the deliverability of bounce messages, including whether the site accepts null senders (some idiots still think these should be rejected), and whether the address itself is apparently valid.
>
>This is an entirely different test to VRFY


I'd rather not get in the middle of your pissing war with the "idiots" you
describe.

However, because of the misuse of RCPT TO, in order to VRFY addresses, my IP is
now listed on a DNSBL @ backscatter.org

http://www.backscatterer.org/index.php?target=sendercallouts

If you would please review my original writeup and give it more careful
consideration.

If the RFC calls for VRFY to be enabled, and sites choose to remove VRFY from
their MTA command response set, then I have no problem 'dropping' their inbound
mail as "unverifiable".

However, it is wrong headed (and two wrongs don't make a right) to abuse RCPT
TO, in order to "get around" the admin's who have disabled VRFY.


Bottom line: If you refuse to consider making EXIM work within the RFC's and
use VRFY instead of RCPT TO, then please consider adding a NEW feature that
uses RFC specified VRFY.

Otherwise, users of EXIM will either find themselves BLACK LISTED or be forced
to stop using acl_smtp_vrfy


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 855] Sender-callout-Verification should use VRFY not RCPT TO[exim-dev] [Bug 856] New: syntax errors in spec.xfpt (since DKIM merge)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)