>> Sietse van Zanen wrote:
>> > Ralf Hildebrandt wrote:
>> > > Kelly Jones wrote:
>> > > > To fight spam, I want to validate the address (not necessarily in
>> > > > real-time) of a given email sender. Is there a Unix tool that
>> > > > does this?
>> > >
>> > > Postfix has exactly this built in. It's the
>> > > "reject_unverified_sender" restriction.
>> >
>> > Yes, but you don't always want to reject such mails. NDRs,
>> > automated mails etc. are often sent from empty or non-existent e-mail
>> > addresses.
>> 
>> Any legitimate email will have a valid sender address.  That includes
>> DSNs and automated messages.  Within a small network it may be okay to
>> use an invalid sending address locally.  But for any mail across a WAN
>> the sending address must be able to receive bounces.
>> 
>> So yes I do want to always reject mail with invalid sending addresses.
>> 

Hi Bob,

What happens if I put one such thing on my mailserver too and want to
send you a mail?
My outgoing MX starts an SMTP connection, and then, at RCPT TO, your
system starts an SMTP dialogue with my incoming MX. Unless the machines
are tightly coupled, my incoming MX does not expect to get a
verification probe - it will believe that you try to send me some mail,
and probe your machine.
This looks like a source of infinite loops :(
In fact, I usually configure servers to accept X sessions at most, and a
smaller Y sessions from the same IP. So if your server does not have a
session limit (or has set it to a higher value than mine) verification
would ultimately fail when there are Y concurrent probes going on.

Of course the problem does not exist if an implementation chooses to
accept the SMTP data, and then reject at the end of data.

Wolfgang Hamann
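
The probe loop and the end-of-data alternative described in the message above, as a toy model added here (not code from the thread or from Postfix). It assumes a probe is an ordinary SMTP session that stops after RCPT TO and that the peer verifies the probe's sender like any other; the class, function and parameter names and the reply codes are constructed for the model.

```python
from dataclasses import dataclass, field

OK, TEMPFAIL, BUSY = 250, 450, 421  # constructed reply codes for the model


@dataclass
class Mta:
    name: str
    verify_at: str   # "rcpt" or "end_of_data": when the sender is probed
    per_ip_cap: int  # "Y" in the message: concurrent sessions per peer
    open_from: dict = field(default_factory=dict)
    peak: int = 0    # highest concurrent session count seen from one peer

    def session(self, peer, sends_data):
        """Handle one inbound session from `peer`; return the reply code."""
        n = self.open_from.get(peer.name, 0)
        if n >= self.per_ip_cap:
            return BUSY
        self.open_from[peer.name] = n + 1
        self.peak = max(self.peak, n + 1)
        try:
            # MAIL FROM and RCPT TO have arrived at this point.
            if self.verify_at == "rcpt" and not self.probe(peer):
                return TEMPFAIL
            if not sends_data:
                return OK  # a probe disconnects after RCPT TO
            if self.verify_at == "end_of_data" and not self.probe(peer):
                return TEMPFAIL
            return OK
        finally:
            self.open_from[peer.name] -= 1

    def probe(self, peer):
        """Callout to the sender's MX; assumed to look like ordinary mail."""
        return peer.session(self, sends_data=False) == OK


def deliver(policy, cap_mine=3, cap_yours=5):
    """Send one message from 'mine' to 'yours' with both using `policy`."""
    mine = Mta("mine", policy, cap_mine)
    yours = Mta("yours", policy, cap_yours)
    code = yours.session(mine, sends_data=True)
    return code, mine.peak, yours.peak


if __name__ == "__main__":
    print("verify at RCPT TO:    ", deliver("rcpt"))
    print("verify at end of data:", deliver("end_of_data"))
```

With both sides verifying at RCPT TO, the nested probes grow until the lower per-peer cap is hit and the original message is deferred; with verification at end of data, each side sees a single session.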
