Jeremy Harris <jgh@???> (Do 19 Jan 2017 01:03:37 CET):
> On 18/01/17 21:50, Heiko Schlittermann wrote:
> > Side note: we should have:
> >
> > --> MAIL FROM:<>
> > <-- 250 OK
> > --> VRFY foo@???
> > <-- 250 OK foo@??? accepts mail from <>
> > --> QUIT
> >
> > This would avoid all that clumsy sender-verification-de-impact
> > hacks.
>
> We don't at present. In effect, both VRFY and EXPN are dead (though
> there is support for dealing with received ones).
Yes, we don't and others don't do it. And unfortunenatly I'm not in the
position to to introduce it. But, OTOH if Postfix and Exim would support
it… (just dreaming) there would be a good coverage.
Does anybody remember, why VRFY isn't supported? I do not see anything
that is more risky there than RCPT TO. (Given current ACL capabilities.)
And in combination with the enforcement of a preceeding MAIL FROM it
even makes some sense to me.
(Yes, I'm biased to callouts for sender verification and would be happy
if we can provide a clean way to differenciate between callout and
intended message transmision.)
Hm - but it would be just another mechanism to prove the authenticity
of the sender, that would not be implemented everywhere.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
