On 19/01/17 09:20, Phil Pennock wrote:
> On 2017-01-19 at 08:59 +0100, Heiko Schlittermann wrote:
>> position to to introduce it. But, OTOH if Postfix and Exim would support
>> it… (just dreaming) there would be a good coverage.
>>
>> Does anybody remember, why VRFY isn't supported?
Mostly a case of "doesn't do anything that RCPT can't be used for",
I think. But callouts complicate the issue. If the suggestion
is for Exim to (presumably optionally and with some intelligence
about fallback to RCPT) use VRFY for callouts, and the sample
Exim config be changed to handle received VRFY to match that use -
what position should be taken on the verification level implemented
by the vrfy acl. Should it, eg, do callouts itself?
>> I do not see anything
>> that is more risky there than RCPT TO. (Given current ACL capabilities.)
>> And in combination with the enforcement of a preceeding MAIL FROM it
>> even makes some sense to me.
Oddly enough, rfc 2821 says that VRFY SHOULD be usable even without an
EHLO let alone a MAIL. (section 4.1.4)
This because it is a non-mail command.
I need to read through the later ESMTP spec rfcs.
> Exim used to support both EXPN and VRFY but the default ACL is to deny,
> so you need to explicitly enable via ACL.
We're talk not only about accepting it, but using it. Not something
Exim has done before now.
> Although ... it's not showing
> up in EHLO response, when I thought that it used to, so that might be a
> regression?
VRFY is not listed as a service extension in
https://www.iana.org/assignments/mail-parameters/mail-parameters.xhtml
--
Cheers,
Jeremy