------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=823 --- Comment #2 from Jaco Kroon <[email protected]> 2009-03-20 15:55:14 --- (In reply to comment #1) > To solve the security problem when routing mail to dynamic addresses, I'd > recommend to use TLS/SSL certificates instead of SMTP AUTH. You probably use > TLS anyway. Check I'm not that worried about the security. The issue I'm trying to address is the one where some other mail server comes up on my dangling IP and rejects my mail, causing my own mail server to bounce my own mail instead of just caching it. The idea is simple: if authentication fails entirely it's a temporary error instead of a permanent one, causing a retry again at a later stage. > > Also, I should be able to create a router that "steals" the routing in the > > case > > of verify to only check that the email address exists locally and not cause > > SMTP callouts. > > Check the generic verify_* router options: > > http://www.exim.org/exim-html-current/doc/html/spec_html/ch15.html > > These can also be inverted by prefixing them with "no_" > ("no_verify_recipient"). You can then define a fall-through router that just > accepts (and has verify_only set). Hmm, the no_verify_recipient might be a better option, I've done the verify_only thing and just duplicated the option there making it go to :blackhole: instead of the actual target. Clearly not the cleanest way, but it serves the purpose. I do disagree with the closing of the bug though. If a transport is set up to require authentication then that authentication should be used in the case of callout verifies as well. I'll leave this decision up to you though, other options imho is workarounds and does not address the real problem. -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
