[exim-dev] [Bug 855] Sender-callout-Verification should use …

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Graeme Fowler
日付:  
To: exim-dev
題目: [exim-dev] [Bug 855] Sender-callout-Verification should use VRFY not RCPT TO
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=855




--- Comment #6 from Graeme Fowler <graeme@???> 2009-06-21 11:44:49 ---
(In reply to comment #5)
> My counter would be:
>
> If VRFY has been disabled by many sites, and if both RCPT TO and VRFY get you
> DNSBL'd for doing either of the verifications with foreign sources...


Quite the Catch-22. Is that you, Yosarian?

> That leaves only 'internal' handshaking between 'friendly' servers. And, we're
> back to VRFY, which was designed for that purpose.


But - VRFY gives a simple binary answer without allowing additional operations
which the use of RCPT TO does on the "server end" - consider the run through
Exim's RCPT ACL, which can't be done using VRFY in the same way (I don't
think!).

> Even if, as you suggest, VRFY would get us listed, clearly RCPT TO already gets
> us listed and is, therefore, useless as coded.


Not exactly. There are many cases (like in my dayjob where there are a small
number of "external", to use, systems to which we deliver mail over which we
have no control and all of whch have VRFY switched off) where a recipient
callout using RCPT TO is the Right Thing To Do. Also, consider that the
response to RCPT TO can vary according to the MAIL FROM part of the transaction
- none of that degree of variance is available using VRFY, which is a simple
yes/no answer in response to a simple question.

Graeme


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email