[exim-dev] [Bug 855] Sender-callout-Verification should use …

Top Page
Delete this message
Reply to this message
Author: 855
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 855] Sender-callout-Verification should use VRFY not RCPT TO
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=855




--- Comment #8 from bugzilla@??? 2009-06-21 15:15:39 ---
(In reply to comment #7)
> (In reply to comment #3)
> >
> > However, because of the misuse of RCPT TO, in order to VRFY addresses, my IP is
> > now listed on a DNSBL @ backscatter.org
>
> Then stop mis-using it. Don't suggest the removal of a feature many find
> useful.


I use Sendmail for all but one of my servers. That server has CPanel and EXIM.

The CPanel config has "sender callout verification" as a checkmark option.

The CPanel technician indicated that Exim would use VRFY

Only _after_ our IP got listed by backscatter.org did I become aware of the
flaws in the system.

There was _nothing_ from CPanel to indicate that there was any 'mis-use'.
There was _nothing_ from Exim to indicate that there was any 'mis-use'.


> Graeme's documentation suggestion in comment #4 seems sensible, however, to
> avoid accidental mis-use. Note also that the default config does not (and never
> has) enable sender callouts so new users have to deliberately turn it on and do
> not need protecting.



With no warnings from Exim, and no warnings from CPanel, and no indication that
enabling it was 'mis-use', I think placing blame on new users is a bit odd.


> Exim is a very stable system, and backwardly-incompatible changes must be
> avoided. If you'd care to enter a suggestion to add access to 'VRFY' from the
> ACLs in addition to the existing callout mechanism, further consideration would
> likely be given. But the devs would probably need convincing as to how widely
> it could be used given the widespread disabling of VRFY in the real world.
>
> -1 for code change, +1 for doc change
>


I support document change, both in Exim and in Cpanel.

I was trying to use something that looked like it would be a useful tool, with
no indication that the "bridge is out ahead".

Now I'm attempting to help other uninformed users by getting "something"
changed.

Thank you.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email