Thomas Hochstein wrote:
> W B Hacker schrieb:
>
>> first off, using a machine-generated bogus destination address such as;
>>
>> <greenmeadow.szaf.org-1285976102-testing@???>
>>
>> .. is probably going to get you a rejection in ALL cases where the target does
>> *recipient* verification.
>
> Yes, that's the point.
>
> See <http://www.exim.org/exim-html-4.40/doc/html/spec_38.html>:
> | random: Before doing the normal callout check, Exim does a check for
> | a “random” local part at the same domain. The local part is not
> | really random – [...]
> |
> | The idea here is to try to determine whether the remote host accepts
> | all local parts without checking. If it does, there is no point in
> | doing callouts for specific local parts. If the “random” check
> | succeeds, the result is saved in a cache record, and used to force
> | the current and subsequent callout checks to succeed without a
> | connection being made, until the cache record expires.
>
> I'll have to (re-)evaluate that sometimes; a list of hosts that
> blindly accept all recipients would be better, of course.
>
> Regards,
> -thh
>
Well - yah... basically a test for far-end being an open-relay every time you send?
JM2CW, but any of the many open-relay RBL's or online tests cover that - and
AFAIK, faster and 'cheaper' than a callout.
It isn't that a callout is always evil, always unwelcome, etc.
It's that a callout has too low of a probability of gaining a response that is
both predictable and useful for the general case.
W/r vetting submission TO you, an rDNS test is a great deal more consistent and
reliable - even if / especially if not used as an immediate hard-fail.
While you will almost certainly need a whitelist, covering the few correspondent
who don't have their most basic DNS in order takes a much smaller list of
exemptions than a list of those who do not support callouts.
YMMV,
Bill
