On Thu, 2 Mar 2000 09:35:02 -0400 (AST), Shera <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I asked about message 252 yesterday and was told that to have the smtp
> server not vrfy users was a security feature. I do understand this
> perfectly. But shouldn't this be an option for the sysadmin to turn off
> and on or to have a deny file to only allow certain people to access the
> vrfy command? According to different RFCs (below) this is the recommend
> form to handle vrfy.
Well, accepting and answering vrfy is a MUST, but always returning
252 is a perfectly legitimate response.
> There are times that I need to vrfy users from
> remote and in the past the easiest and only form I knew was through the
> smtp server, but now using qmail it is impossible. I would just like to
> understand why qmail does not allow this to be an option as in sendmail.
At the time you are having an SMTP conversation, qmail does *not know*
whether any given address on this machine is deliverable or not. There
are several reasons for this, which other folk have explained.
If you could explain why you need to vrfy users, there might be
another method we could suggest to accomplish the same end-goal.
-dsr-
