OK... responding to (and then more discussion): > Hang on. I thought > verify = sender > only involved work internal to your local exim (checking that it can > find a server which ought to accept a reply), and it's only if you ask for > verify = sender/callout > that any external test was made?
Here is where I got a bit confused. I understood the first response for the most part, but now you managed to throw me off. But, before I start my rant :))), let me do a step through your first response: First, I forgot to mention that Yes,. I'm using Exim 4.63 to clarify the verion used. Second, webform control is not the issue I'm dealing with, (even though it is certainly an importat issue of its own). My primary concern was to not to Inhibit or cause any issues to those valid users who do have a webform on their site and are just poor coders. I'm not concerned with the exploits from them,. or through their websites, that I got taken care of,. I just don't want to get the calls about "hey it worked yesterday. .what happend?". So,. I'm trying to gather the answers in advance. So my understanding is that LOCAL valid users, should not be affected by enabling this feature. Third, You made the point/case that: "Some very large / major ISP's do not have usable DNS records for their 'pools' of servers." NOW that's something to be concerned about. Since I'm running a shared hosting environment with folks from all over the world, it is very likely that some of them are interacting with servers that are indeed poorly maintained/configured. That is a valid reason by itself why NOT to use this feature. I can lecture to my clients that they SHOULD instruct their buddies out there to lecture their service providers... and yeah..going back to reality this is never going to happen. So,. this is something that seems to be very restrictive and unless I know who I am interacting with,. chances are that this is going to be NOT a favorable action for many of my users. OK.. with that said..I think I covered that subject and as much as I want to have that,.. I'll have to drop it for the time being, at least until the entire world will change working procedures. NEXT: RBLs (hey,. it's in the subject line!): I can use RBLs like the following: # deny using .spamhaus deny message = Email blocked by SPAMHAUS SBL+XBL- to unblock see http://www.myserver.com/spamlistschecker.html # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = sbl-xbl.spamhaus.org # deny using ordb deny message = Email blocked by ORDB - to unblock see http://www.myserver.com/spamlistschecker.html # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = relays.ordb.org # deny using sorbs smtp list deny message = Email blocked by SORBS - to unblock see http://www.myserver.com/spamlistschecker.html # only for domains that do want to be tested against RBLs domains = +use_rbl_domains dnslists = dnsbl.sorbs.net=127.0.0.5 but my concern is that at one point if I get lots of emails, I'll be actually considered as a "hostile" checker and get blacklisted for excessive checks. Is that likely to happen? If so,. should I simply rsync or otherwise do a daily update of a local black listings and do local checks? Does that seem like a logical thing to do? Would this possibly get even faster checks on high volume emails? Is that something that people do? Thanks, -Alon. - Alon [EMAIL PROTECTED] ----- Original Message ----- From: "John Robinson" <[EMAIL PROTECTED]> To: "W B Hacker" <[EMAIL PROTECTED]> Cc: "exim users" <[email protected]> Sent: Saturday, October 21, 2006 2:53 PM Subject: Re: [exim] require_verify = sender + RBLs - clarification on the How-to > On 21/10/2006 13:47, W B Hacker wrote: > [...] >> verify = sender tries to see if the 'incoming' mail server of-record for >> the >> domain they *apear* to come from both exists and accepts *at least* a >> partial >> attempt to send mail. Many malware sources will fail that. Further >> options in >> the spec. > > Hang on. I thought > verify = sender > only involved work internal to your local exim (checking that it can > find a server which ought to accept a reply), and it's only if you ask for > verify = sender/callout > that any external test was made? > > Cheers, > > John. > > -- > ## List details at http://www.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://www.exim.org/eximwiki/ > -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
