Re: [exim-dev] RCPT TO verification

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Paul Sheer
CC: exim-dev
Subject: Re: [exim-dev] RCPT TO verification
On Thu, 2010-01-07 at 14:50 +0100, Paul Sheer wrote:
> I expect this could create a recursive loop if two mail servers that both
> implement this feature send mail between one another. How is a loop avoided?


No, because if done sanely the callout is always done with an _empty_
sender, as if it were going to send a bounce. So there's no way it can
trigger a loop.

> Are there any blogs, caveates, discussions about this kind of behaviour in
> general?


Some people whine that it's not sustainable or that it leads to a DDoS,
but that's mostly nonsense -- I'm not aware of any case where callouts
have actually lead to such a thing, and in any case the amount of
resource it takes to handle a callout is _tiny_ in comparison with what
a modern mailserver has to do to process incoming spam anyway.

The main reason for not doing callouts because they have "false"
positives -- there are a surprising number of idiots out there who send
mail from an address which can't receive bounces, and thus fails sender
verification.

--
dwmw2