Ian Eiloart wrote:

On 14 Jun 2011, at 05:24, Phil Pennock wrote:

On 2011-06-13 at 00:32 +0000, Michael Jimenez wrote:
So I've been looking at my mail server mainlog for the past
couple of days watching mail come in and out, I've noticed that
this Microsoft address keeps failing to verify:

You're using sender *callout* verification to systems not under
your administrative control.  This is regarded by many as abusive,
and will get you placed on various blacklists.

Is that true? I've not experienced it, in several years.

It might not be obvious *why* one's server was rejected - and need not be an LBL.


The larger providers have rate-limits and other DoS filters; so
when an MSN address is spoofed and you keep hitting their
mail-servers with checks on mails they didn't send, you'll exceed
ratelimits and get fast-failed: they're rejecting you attempting to
deliver to them, which you're interpreting to mean that the address
is invalid.

That's not likely to happen. Exim's result caching means you're not
going to be making frequent callouts regarding a single address. In
theory, it could happen if spammers were attempting to deliver to you
from many different addresses in the same domain, in rapid
succession. However, you could -and should- mitigate against that by
doing callouts late.

Sender callouts are best suited for use to systems under your own
control.


Seconded.

Abuse/not issue quite aside, without prior arrangements within a cooperative pool under common control or at least shared goals, you aren't necessarily going to get anything useful *anyway*.

A simple 'delay=' longer than your callout response waiting period renders the callout useless, yet has left both MTAs hanging on TWO teats.

If you require a hard-pass, it has also blocked the transfer.

Every time. "..walks like a duck....." - looks like a Blacklist.

A limitation on simultaneous connections from a given IP can even block outright and 'right now' at busier times. Looks like a BL on some, not all members of a pool. Might be exactly what the OP was hitting.

Callout might be 'cheaper' than syncing user DBs among a pool of servers.. Sometimes. Maybe.

.. but otherwise?

More pain than gain, even among the tolerant.

A 'bot - presuming rDNS failure - would be unable to respond favorably, even if programmed to do so (trivial).

But a credentialed commercial advertising spam-engine that DOES pass rDNS is MORE likely to respond favorably than a moderately well-armed MTA - potentially rewarding or penalizing exactly the wrong folk.

bass ackwards, that.

Bill
--
韓家標

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
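
An Exim configuration sketch of the advice in the thread above: callouts confined to domains you operate, run after the cheaper checks, with the callout cache left on. It is added here as an illustration and is not taken from any poster's configuration. The `own_domains` list and the example.org / example.net names are assumed placeholders; the cache lifetimes shown are Exim's documented defaults, written out explicitly.

```exim
# --- main configuration section ---
domainlist local_domains    = @
# Assumed placeholder: sender domains whose mail servers you administer
domainlist own_domains      = example.org : example.net
hostlist   relay_from_hosts = 127.0.0.1

acl_smtp_rcpt = acl_check_rcpt

# Callout cache lifetimes. A cached result means a repeated sender
# address (or a whole domain known to be unreachable) does not
# trigger a fresh callout for each message.
callout_positive_expire        = 24h
callout_negative_expire        = 2h
callout_domain_positive_expire = 7d
callout_domain_negative_expire = 3h

begin acl

acl_check_rcpt:
  accept  hosts          = +relay_from_hosts

  # Cheap, purely local checks first, so most junk is rejected
  # before any outbound connection is considered.
  deny    message        = relay not permitted
          !domains       = +local_domains

  deny    message        = unknown user
          !verify        = recipient

  # Sender verification WITHOUT callout: routing/DNS only,
  # no SMTP conversation with a third party's servers.
  deny    message        = sender address cannot be routed
          !verify        = sender

  # Callout last, and only for sender domains under your own control.
  # defer_ok: a timeout or temporary refusal from the far end is
  # treated as a pass instead of being read as "address invalid".
  deny    message        = sender rejected by our own mail system
          sender_domains = +own_domains
          !verify        = sender/callout=30s,defer_ok

  accept
```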
