Should the per-domain callout cache records be consulted for recipient verification when use_sender is true? I suspect that they should not be consulted, but in fact they are consulted.
For example: my server has "require verify=sender/callout", and someone tries to email me from <[EMAIL PROTECTED]>. coscon.co.uk's mail servers are RFC-ignorant, and reject the null sender; therefore, all sender verification for that domain will fail, and a callout cache record is written (as I understand it) stating that verification for "coscon.co.uk" fails for all local parts. My server also has "require verify=recipient/callout,use_sender". When someone now tries to send email *to* <[EMAIL PROTECTED]> (or indeed to the same "someaddress"), verification seems to fail, using the cached callout record. However if the callout had actually been attempted, it probably would not have failed, because the sender address was non-null (therefore coscon's servers would accept the MAIL FROM command, etc). My server's behaviour, the 4.62 source code (as far as I understand it), and the spec, all seem to agree that this is what happens, but it doesn't seem like a Good Thing. Is it a bug? -- Dave Evans Power Internet PGP key: http://powernet.co.uk/~davide/pgpkey
signature.asc
Description: Digital signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
