On 18 Oct 2006, at 11:46, Renaud Allard wrote: > Indeed, but, as mentioned before, some will argue that if the spf is > false you have no right to use their resources to verify things as > it is > probably a spam. And if spf != pass && spf != false (IE: not defined) > you still have no right to do a callout as you could be a player in > a ddos. > So there is no real solution to this, the best practice would be that > the callout should be your last line of defense (just before data > session). And also that it should be avoided if the host is trusted > (but > this last one is probably nearly unmaintainable for large > environments).
One thing exim should probably do or at least have the facility to do is add all successful outgoing addresses to the callout cache. Or put it another way is there some way I can create a whitelist of all successful outgoing envelope to's so that I can use it in the rcpt acl Stuart -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
