Autor: Graham Butler Data: Dla: 'exim-users@exim.org' Temat: [exim] FW: Using verify sender
Many thanks to all the people who replied to my email. It would appear that the general opinion is that the use of 'verify sender', without a call out, should not result in any major problems.
Out of the 100,000 emails we receive a day we are currently rejecting around 80,000 at the smtp stage using Exim's ACL's, before feeding the remainder to SpamAssassin. SpamAssassin then reduces the 20,000 emails to around 15,000. It is estimated, from test using the warn command with sender verify, that a further 300 to 400 emails should be blocked before it hits SpamAssassin, slightly reducing the load on the server.
I believe there is a good chance, with your replies, that management may now agree to let me implement a verify sender ACL, without a call out that is.....
Regards,
Graham Butler
Infrastructure Team.
The University of Huddersfield
> -----Original Message-----
> From: Graham Butler
> Sent: 23 May 2011 13:14
> To: 'exim-users@???'
> Subject: Using verify sender
>
> I am currently looking into adding 'require verify = sender', with no
> callouts, to our Exim configuration. Unfortunately, my manager went to
> a conference last week and was informed that adding 'verify sender' was
> not very wise and could lead to the rejection of legitimate emails.
>
> From my understanding,' verify sender' is 'confined to verifying that
> the domain is registered in the DNS' with either a MX or an 'A'
> address. Rejecting such emails I would have thought would be good
> practice. I would agree that using 'verify sender' with callout is bad
> practice.
>
> Is the use of 'verify sender' recommended, and can anybody who has
> included 'verify sender' give any feed back on any problems they have
> experienced regarding rejections of legitimate emails.
>
> Graham Butler
> Infrastructure Team.
> The University of Huddersfield
---
This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.
