Magnus Holmgren wrote:

>> Considering that, what's the actual benefit of using the defer_ok option?
>
> Now you're quoting two sections relating to sender (callback) checks, but
> from my mail you quote the recipient (call-forward) check. I'm confused,
> but I'll cover both ways.

Oh, sorry, it's me who confused that. I thought it was sender verification.

> Using a call-forward without defer_ok would render the secondary effectively
> meaningless

That's true, very good explanation, thanks!

>> If a SPAMer has set up MXs that point to non-accepting hosts, he will
>> get the SPAM through because you set defer_ok.
>
> The reasoning behind defer_ok on the sender verification is that it might
> cause too many false positives. That could be wrong, YMMV, try for yourself.

I have enabled sender verification callouts, but without defer_ok. The idea that it might be a good idea to enable defer_ok is what made me ask. But when I rethink that ...

The callout sender verification does two things, ensuring the sending address is reachable and, in a side effect, wards off _lots_ of SPAM. Denying mail from unreachable addresses is mandatory because once you accept a mail, you are responsible for handling it according to the standards --- which includes eventually sending delivery errors. Since you cannot send anything to unreachable addresses, accepting mail from them is a violation of RFCs --- letting aside that I don't want a mailserver to be that unreliable.

Setting defer_ok would lead to accept all the SPAM and mail from unreachable addresses. Not a good idea ...

> Anyway, if the spammer bothers to set up a sender address that causes
> verification to defer, they could as easily set up a sender address that
> verifies OK.

Yeah, fortunately most of them don't do that. What gets through and is detected as SPAM here is a little less than 1.3 mails per day per user. Taking undetected SPAM into account, it's maybe 1.5 --- a bearable rate. Thus, I don't understand why so many mail service providers are so excited about SPAM that many of them misconfigure their servers to use sucking blacklists. But then, most of them don't know what they do, anyway.
GH
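The two sender-callout settings discussed in this message, plus the recipient call-forward from the quoted text, as an added Exim ACL fragment that is not part of the original post. The 30s timeout, the rejection message and the `relay_to_domains` domain list (the name used in Exim's default configuration) are assumptions.

```exim
# Added illustration, not from the thread: part of the ACL that
# acl_smtp_rcpt points to. Enable ONE of the two sender variants.
# The 30s timeout and the message text are assumed values.

acl_check_rcpt:

  # Variant A: strict sender callout (no defer_ok).
  # - Callout fails (sender's MX rejects the address): RCPT gets a 5xx.
  # - Callout cannot complete (no MX answers, timeout, 4xx reply):
  #   the verify condition defers, the client gets a temporary 4xx
  #   and the sending host is expected to retry later.
  require message = Sender verification failed
          verify  = sender/callout=30s

  # Variant B: lenient sender callout with defer_ok.
  # A callout that cannot complete is treated as success, so mail whose
  # sender domain points at hosts that never answer is accepted.
  # require message = Sender verification failed
  #         verify  = sender/callout=30s,defer_ok

  # Recipient call-forward on a secondary MX. Here defer_ok keeps the
  # secondary accepting mail while the primary is unreachable, which is
  # the point of having a secondary at all.
  accept  domains = +relay_to_domains
          verify  = recipient/callout=30s,defer_ok
```

With variant A, a legitimate sender whose MX is briefly down sees a delay rather than a bounce, provided the sending host retries on 4xx.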
