Hi, On Sat, 15 May 2010 11:10:53 pm [email protected] wrote: > "verify=sender" checks domain only. If it allows invalid domains > then either an "accept" succeeded before this "require" or > blame the NS you use.
OK. > An attempt to check existence of a mailbox (i.e. to check whole > email address, not only domain) requires connection with the MX > and giving HELO, MAIL, RCPT commands - that is called "callout" in Exim. > Callouts to each sender is considered abuse and can cause you blacklisted. Really? Then how do you handle this case? 1. Spammer Sam attempts to send you an email with forged address "[email protected]". 2. Exim verifies sender and accepts the email because spamtraps.org is a valid domain (from what you've said). 3. You reply to the email because it looks like a genuine enquiry (or maybe you have an automated "out of office" reply or similar). 4. You're blacklisted for sending email to a spam trap. The correct action, as I understand it, is to check that "[email protected]" is a valid email address (if you try, spamtraps.org will report 550 error - not a valid address) not just a valid domain at step 2. You then reject the email at connection and you don't receive the spam, and you don't reply to it. -- Russell Robinson ([email protected]) -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
