Author: David Woodhouse
Date:
To: Paul Sheer
CC: exim-dev
Subject: Re: [exim-dev] RCPT TO verification

On Thu, 2010-01-07 at 14:50 +0100, Paul Sheer wrote:
> I expect this could create a recursive loop if two mail servers that both
> implement this feature send mail between one another. How is a loop avoided?

No, because if done sanely the callout is always done with an _empty_
sender, as if it were going to send a bounce. So there's no way it can
trigger a loop.

> Are there any blogs, caveats, discussions about this kind of behaviour in
> general?

Some people whine that it's not sustainable or that it leads to a DDoS,
but that's mostly nonsense -- I'm not aware of any case where callouts
have actually led to such a thing, and in any case the amount of
resource it takes to handle a callout is _tiny_ in comparison with what
a modern mailserver has to do to process incoming spam anyway.

The main reason for not doing callouts is that they have "false"
positives -- there are a surprising number of idiots out there who send
mail from an address which can't receive bounces, and thus fails sender
verification.
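
The loop-avoidance argument in this message, as an added example that is not part of the original e-mail or of Exim's code: a small Python model of two servers that both verify senders by callout. The class, the `a.example`/`b.example` domains, the `callout_sender` parameter and the depth guard are all assumptions made for the sketch.

```python
# Constructed model of two MTAs that both verify senders by callout.
# Domains, users and the depth guard are assumptions made for this sketch.

class LoopDetected(Exception):
    pass

class Server:
    def __init__(self, domain, users, callout_sender=""):
        self.domain = domain
        self.users = set(users)
        self.callout_sender = callout_sender  # "" models MAIL FROM:<>
        self.peers = {}                       # domain -> Server (stands in for DNS)
        self.sessions = 0                     # inbound SMTP sessions handled

    def accept_rcpt(self, mail_from, rcpt_to, depth=0):
        """Model MAIL FROM + RCPT TO; True means RCPT would be accepted."""
        if depth > 10:
            raise LoopDetected(f"callout recursion at {self.domain}")
        self.sessions += 1
        # A null sender (a bounce) has no address to verify, so no callout.
        if mail_from and not self.verify_sender(mail_from, depth):
            return False                      # sender verification failed
        return rcpt_to.split("@")[0] in self.users

    def verify_sender(self, address, depth):
        """Callout: ask the sender's own server whether it would take a bounce."""
        peer = self.peers[address.split("@")[1]]
        return peer.accept_rcpt(self.callout_sender, address, depth + 1)

def build(callout_a="", callout_b=""):
    """Two servers that know each other; both do sender callouts."""
    a = Server("a.example", {"alice"}, callout_a)
    b = Server("b.example", {"bob"}, callout_b)
    a.peers = b.peers = {"a.example": a, "b.example": b}
    return a, b
```

With the default empty callout sender each delivery costs exactly one extra session on the sending side; giving both servers a non-empty `callout_sender` makes each callout trigger another until the guard raises `LoopDetected`.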