[exim] Doing SAV callouts right

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Marc Perkel
Dátum:  
Címzett: exim-users
Régi témák: Re: [exim] A cry for help - are there any plusnet admins out there ?
Tárgy: [exim] Doing SAV callouts right


On 3/25/2011 4:53 AM, Ian Eiloart wrote:
>
>
> --On 24 March 2011 14:50:22 +0000 "Dave Restall - System
> Administrator,,," <dave@???> wrote:
>
>> Hi,
>>
>> I use exim to receive and process my emails - have done for years.
>> I also use sender callouts - have done for years. Occasionally emails
>> get rejected because they are sent from non-existent addresses and
>> sender
>> callouts don't like that.
>
> I'm with you on this. With the proviso that you should check SPF
> first. Callouts are entirely legitimate if you get an SPF pass, but
> arguably redundant. They're not required if you get an SPF fail. For
> softfail and neutral, I'd avoid doing the callout on the basis that
> one should be nice to people that are helping you to evaluate the
> legitimacy of mail from sender addresses in their domains.
>
> In my view, refusing bounce messages for an address that's used in the
> "RETURN PATH" is contrary to RFC 5321 "The primary purpose of the
> Return-path is to designate the address to
> which messages indicating non-delivery or other mail system failures
> are to be sent. For this to be unambiguous, exactly one return path
> SHOULD be present when the message is delivered. "
>
> You can parse this as reading "exactly one return path (an address to
> which messages indicating non-delivery or other mail system failures
> are to be sent) SHOULD be present when the message is delivered. "
>
> And "SHOULD" means that you should be aware of the consequences of
> failing to do so. For rfc5322, ignoring a recommendation means that
> you risk failing to deliver email. If plusnet want to deliver their
> email, then they should follow all recommendations in RFC5322.
>
> Oh, and you don't need callouts in order to reject their email.
>


If someone did a callout on every email attempt that would be excessive.
I do all the blacklist/whitelist tests first, then HELO tests, then I do
recipient tests (forward SAV callout) and then after those tests I to
SAV. And the server caches the results. So my SAV footprint is so low
that it doesn't seem to trigger the attention of SAV haters.

OTOH - I'm reading their SPF record, their NS records, and their MX
records and the A record for the domain and factoring that in so that
may be lighter that SAV or maybe not?

I would remind everyone that the real enemy out there are the spammers
and that fighting among ourselves over religious issues like SAV and SPF
really doesn't accomplish anything.