[exim-dev] [Bug 855] Sender-callout-Verification should use …

Top Page
Delete this message
Reply to this message
Author: 855
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 855] Sender-callout-Verification should use VRFY not RCPT TO
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=855

bugzilla@??? <bugzilla@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugzilla@???
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |





--- Comment #3 from bugzilla@??? 2009-06-21 09:55:29 ---
Nigel,

RFC 821 requires VRFY and defines it as what we need for our purposes.
http://www.ietf.org/rfc/rfc821.txt

RFC 5321 requires VRFY and defines it as what we need for our purposes.
http://www.ietf.org/rfc/rfc5321.txt


>Comment #2 From Nigel Metheringham 2009-06-21 08:47:50 [reply] -------
>
>VRFY tests only for the apparent existence of an address (plus many sites block

it).
>
>A FROM <>/RCPT TO pair tests the deliverability of bounce messages, including whether the site accepts null senders (some idiots still think these should be rejected), and whether the address itself is apparently valid.
>
>This is an entirely different test to VRFY



I'd rather not get in the middle of your pissing war with the "idiots" you
describe.

However, because of the misuse of RCPT TO, in order to VRFY addresses, my IP is
now listed on a DNSBL @ backscatter.org

http://www.backscatterer.org/index.php?target=sendercallouts

If you would please review my original writeup and give it more careful
consideration.

If the RFC calls for VRFY to be enabled, and sites choose to remove VRFY from
their MTA command response set, then I have no problem 'dropping' their inbound
mail as "unverifiable".

However, it is wrong headed (and two wrongs don't make a right) to abuse RCPT
TO, in order to "get around" the admin's who have disabled VRFY.


Bottom line: If you refuse to consider making EXIM work within the RFC's and
use VRFY instead of RCPT TO, then please consider adding a NEW feature that
uses RFC specified VRFY.

Otherwise, users of EXIM will either find themselves BLACK LISTED or be forced
to stop using acl_smtp_vrfy


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email