Re: [exim] Correct extended verification of noreply@ type em…

Top Page
Delete this message
Reply to this message
Author: Jasen Betts
Date:  
To: exim-users
Subject: Re: [exim] Correct extended verification of noreply@ type email addresses
On 2017-12-29, Sebastian Arcus via Exim-users <exim-users@???> wrote:
> I use sender extended callout/varification in Exim:
>
>    deny    message     = Sender cannot be verified
>            log_message = "Reject: sender cannot be verified"
>            !verify     = sender/callout=2m,defer_ok

>
> I find the above extremely useful in combating spam from addresses with
> a real domain, but fictitious local part. However, I just noticed in
> logs that mail from noreply@ type email addresses bounces back:
>
> 2017-12-29 11:35:59.004 [27104]
> H=mail-cys01nam02hn0243.outbound.protection.outlook.com
> (NAM02-CY1-obe.outbound.protection.outlook.com) [104.47.37.243]:59248
> I=[192.168.15.2]:25 sender verify fail for <no-reply@???>:
> microsoft-com.mail.protection.outlook.com [23.103.156.74] : SMTP error
> from remote mail server after RCPT TO:<no-reply@???>: 550
> 5.4.1 [no-reply@???]: Recipient address rejected: Access
> denied [DM3NAM06FT008.Eop-nam06.prod.protection.outlook.com]
>
> I can understand why they would reject a MAIL command on that address,
> as it can't receive email (if that's correct?). What is the best way to
> proceed here?


Do you want this email?

> Add a condition to the callout acl, to check for a list of
> keywords in the local part of the sender's address? Is the remote end
> breaking the rules? Some other solution to fix this, maybe?


Personally I only use extensive verification on postmaster, abuse, and
other accounts that should only get mail from humans.

--
This email has not been checked by half-arsed antivirus software