Re: [exim-dev] RCPT TO verification

Author: Graeme Fowler
Date:  
To: Jeremy Harris
CC: exim-dev
Subject: Re: [exim-dev] RCPT TO verification
On Thu, 2010-01-07 at 14:01 +0000, Jeremy Harris wrote:
> verify sender /callout
To make that clear, it's an ACL function:

verify = sender/callout[,options]

It's very well documented.

> Do the sender-verify only for non-null FROM, and using a null FROM -
> just like emitting a bounce. Unless you're Microsoft.

<snip>
> Some people think that sender-verifies are evil. Google.
Callout verification is not evil per se, applied to either senders or
recipients (think of a corporate or academic mailhub).

However, arbitrary usage of sender callouts against all inbound mail is
inadvisable as it is very easy to create a DoS condition against a
remote site. The best example is as follows:

A spammer takes an address within a domain under your control and then
sends millions of messages using that in the "MAIL FROM:" command.
All of the hypothetical receiving MX servers (in many thousands, or
millions of domains) then do callout verification against the sender
domain MX.

That's your MX.

It dies under the load of incoming connections.

I hope you see why arbitrary Sender Address Verification (SAV) is widely
considered to be a bad thing. It's a very useful technique in
loosely-coupled systems, but not across the Internet as a whole.

There are a growing number of blacklists which will list you for using
SAV. I could name some but I'd like to keep the religious wars on other
lists :)

Graeme
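An added illustration of the two usages discussed above, not configuration from the original message or from the Exim project: an acl_smtp_rcpt fragment showing the indiscriminate sender callout next to callouts scoped to domains the host itself handles. The list names +local_domains and +relay_to_domains follow the default Exim configuration; the 10s timeouts are assumed values.

```exim
# Hypothetical acl_smtp_rcpt fragment (illustration only).  The domain
# lists +local_domains / +relay_to_domains are the ones the default Exim
# configuration defines; the callout timeouts are assumed values.
acl_check_rcpt:

  # Inadvisable: a callout for the sender of every inbound message.  One
  # forged MAIL FROM used in a spam run turns this host into one of
  # thousands of MXs connecting back to the victim domain's MX at once.
  #
  #   require verify = sender/callout

  # Cheap, connection-free check for every sender: the routers must be
  # able to route the address (syntax, resolvable domain), nothing more.
  require
    message = sender address cannot be routed
    verify  = sender

  # Recipient callout (mailhub case): confirm the mailbox exists on the
  # internal destination before accepting mail we will relay for it.
  deny
    message = recipient does not exist
    domains = +relay_to_domains
    !verify = recipient/callout=10s,defer_ok

  # Sender callout only for addresses in domains this host relays for,
  # i.e. a loosely-coupled internal system, bounded by a short timeout.
  # defer_ok treats a temporary failure at the other end as a pass
  # instead of rejecting the message.
  deny
    message        = sender address does not exist
    sender_domains = +relay_to_domains
    !verify        = sender/callout=10s,defer_ok

  accept
```

With deny statements the callout is only attempted when the domain condition matches first, so arbitrary Internet senders never trigger an outbound connection.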