Marc Perkel wrote: > > Rene Marticke wrote: > >>Hi, there, >> >>let me explain two scene why this callouts are abuse. >> >>1. >>[EMAIL PROTECTED] send mail to [EMAIL PROTECTED] >>--> domB callout whith [EMAIL PROTECTED] if [EMAIL PROTECTED] is valid. >>--> domA use callout to -> so call domB if [EMAIL PROTECTED] is a valid >>user .... loop >> > > That doesn't apply to Exim because Exim by default uses a sender of <> > which isn't going to create a loop like what you are claiming. In my > case I use a real email address on my system to avoid the problems of > servers who block <> but my real address is regged to never generate a > return callout. > >>2. if someone sends spam with [EMAIL PROTECTED] around the net >>every mailserver asked you if there is a vaild account at yourdomain. I >>think it's a fine DOS ... >> >> >> > > > Exim caches callouts so as to minimize the callout traffic. I think it > has a 2 hour memory? And - the callout is short, never delivering a real > message. So the load factors would be really insignificant. > > What I see happening here is that UCEPROTECT is deliberately and falsely > listing servers as spammers who really are not spammers. They are trying > to change everyone's behavior using the listing as a threat. If you > don't comply with their ideas about spam filtering then they punish you > by falsely listing you as a spammer. I have contacted them several times > about this and they refuse to whitelist me or fix the problem. > > So when they know that I'm a spam filtering company yet they refuse to > take me off their list of spammers, what does that say about their list. > It tells me that their list is worthless. > > My solution if they won't fix their problem is to make the spam > filtering community aware of their business practices and hope that > enough people quit using their blacklist that they have to go back to > listing just spammers. When a company knowingly and deliberately lists > people as spammers who they know are spam filtering companies then that > needs to be exposed. I think they need to keep their politics separate > from their lists. > >
Marc, I suspect that you and I are in 'full agreement' only about once a year. But this is one of those times. Blacklisting for legitimate use AND NOT misuse, of an RFC-provided-for service renders the blacklist not only worthless - but 'in violation'. David's point is a cogent one - your verify = sender probe was processed on the server it hit in too-much under one second to differentiate, despite triggering a PostgreSQL lookup in the middle of the router-chain verify-walk. The 'vetting' needed, and byte-count handled of a full bounce is massively greater here. IF we even accept it. Not sure where this is going, but one can hope that "Unser Clever Extortion Protekt" - will 'learn and grow. Bill Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
