[exim] Doing SAV callouts right

Fri, 25 Mar 2011 10:04:06 -0700 


On 3/25/2011 4:53 AM, Ian Eiloart wrote:




--On 24 March 2011 14:50:22 +0000 "Dave Restall - System 
Administrator,,," <[email protected]> wrote:



Hi,

I use exim to receive and process my emails - have done for years.
I also use sender callouts - have done for years.  Occasionally emails

get rejected because they are sent from non-existent addresses and 
sender

callouts don't like that.



I'm with you on this. With the proviso that you should check SPF 
first. Callouts are entirely legitimate if you get an SPF pass, but 
arguably redundant. They're not required if you get an SPF fail. For 
softfail and neutral, I'd avoid doing the callout on the basis that 
one should be nice to people that are helping you to evaluate the 
legitimacy of mail from sender addresses in their domains.



In my view, refusing bounce messages for an address that's used in the 
"RETURN PATH" is contrary to RFC 5321 "The primary purpose of the 
Return-path is to designate the address to

  which messages indicating non-delivery or other mail system failures
  are to be sent.  For this to be unambiguous, exactly one return path
  SHOULD be present when the message is delivered.  "

You can parse this as reading "exactly one return path (an address to
  which messages indicating non-delivery or other mail system failures
  are to be sent) SHOULD be present when the message is delivered. "


And "SHOULD" means that you should be aware of the consequences of 
failing to do so. For rfc5322, ignoring a recommendation means that 
you risk failing to deliver email. If plusnet want to deliver their 
email, then they should follow all recommendations in RFC5322.


Oh, and you don't need callouts in order to reject their email.




If someone did a callout on every email attempt that would be excessive. 
I do all the blacklist/whitelist tests first, then HELO tests, then I do 
recipient tests (forward SAV callout) and then after those tests I to 
SAV. And the server caches the results. So my SAV footprint is so low 
that it doesn't seem to trigger the attention of SAV haters.



OTOH - I'm reading their SPF record, their NS records, and their MX 
records and the A record for the domain and factoring that in so that 
may be lighter that SAV or maybe not?



I would remind everyone that the real enemy out there are the spammers 
and that fighting among ourselves over religious issues like SAV and SPF 
really doesn't accomplish anything.



--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/























					Reply via email to