Todd Lyons wrote:
On Mon, May 23, 2011 at 5:13 AM, Graham Butler<[email protected]>
wrote:
I am currently looking into adding 'require verify = sender', with
no callouts, to our Exim configuration. Unfortunately, my manager
went to a conference last week and was informed that adding 'verify
sender' was not very wise and could lead to the rejection of
legitimate emails.
Add: verify = sender ..and not: verify = sender/callout
Read sections 40.23 and 40.40 - 40.45 for explanations.
Your manager probably things "verify=sender" is "verify with
callouts". That's not what the basic verification does. With
verify=sender, you get two basic checks: 1) if it's a local address
that's sending, it determines this because the address (local_part
and domain) exists locally. 2) If it's not local, then it must be
remote and verifies that dns says the domain exists.
Read those sections in Chapter 40 because there is more going on than
just that.
Argghh!
Thanks for that, Todd. I've just stepped in the same ass u me ption!
This sort of thing has happened so often that it might save a good deal
of heat to change the code w/r titles of the invoking knobs, as in:
verify = sender morphs to: verify = sender_route
(no longer possible to option a 'callout', timeout still optional)
verify = sender/callout morphs to: Verify = sender_contact
(no longer possible to NOT do the callout, timeout still optional)
Not sure if the FIRST form even has a place at the table so long as we
still have:
verify = reverse_host_lookup
Bill
韓家標
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
