On 2017-01-19 at 08:59 +0100, Heiko Schlittermann wrote:
> position to to introduce it. But, OTOH if Postfix and Exim would support
> it… (just dreaming) there would be a good coverage.
>
> Does anybody remember, why VRFY isn't supported? I do not see anything
> that is more risky there than RCPT TO. (Given current ACL capabilities.)
> And in combination with the enforcement of a preceeding MAIL FROM it
> even makes some sense to me.
Hrm? I wasn't reading the other thread.
Exim used to support both EXPN and VRFY but the default ACL is to deny,
so you need to explicitly enable via ACL. Although ... it's not showing
up in EHLO response, when I thought that it used to, so that might be a
regression?
My config uses:
-----------------------8< spodhuis.org mailhub >8-----------------------
# main
hostlist addresscheck_allow_hosts = @[]
acl_smtp_expn = acl_address_check
acl_smtp_vrfy = acl_address_check
# acls
acl_address_check:
accept hosts = +addresscheck_allow_hosts
endpass
accept authenticated = *
condition = ${if inlisti{$authenticated_id}{ADMIN_AUTH_IDENTITIES}}
deny message = You may not VRFY or EXPN here
-----------------------8< spodhuis.org mailhub >8-----------------------
Looks like the BSD Jail is breaking `@[]` right now, I hadn't noticed
that.
VRFY exim-users@???
250 <exim-users@???> is deliverable
EXPN exim-users@???
250 <+spodhuis/exim-users@???>
There's a niggle which I'll chase under separate cover.