<quote who="Sonia Hamilton"> > * On Wed, Jun 14, 2006 at 11:48:06AM +1000, Jeff Waugh wrote: > > SAV is different to VRFY, and the combination of SAV and greylisting is > > really broken. I suggested to Chris that he turn SAV off, because it ends up > > being more problematic than it's worth. > > Well, still not sure if it's VRFY or SAV causing the problem.
It's SAV. No one uses VRFY anymore, it's widely held to be insecure (as an information leak). > A couple of questions: > * I've got verify disabled in postfix, as an anti spammer measure > (disable_vrfy_command = yes) - should I have it turned on? Would this > solve this VRFY problem? No, leave it off (and the problem is nothing to do with VRFY). > * would SAV problem be fixed by setting up Sender Policy Framework > (SPF) on my server? Or is this an unrelated fix? No, not really. It's the combination of SAV and greylisting that hurts. If an MTA set up for SAV tries to check (verify, but don't confuse that with VRFY) against an MTA set up for greylisting, it'll get a 450, which while temporary, is usually enough for a SAV MTA to say "nuh uh, can't deliver, so you don't get to send mail to me". Bad combo. - Jeff -- linux.conf.au 2007: Sydney, Australia http://lca2007.linux.org.au/ "If your life was a movie, would you pay to see it? Would you pay to see an advertisement for it?" - James Morris -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
