Jeremy Harris <j...@wizmail.org> (Do 19 Jan 2017 01:03:37 CET): > On 18/01/17 21:50, Heiko Schlittermann wrote: > > Side note: we should have: > > > > --> MAIL FROM:<> > > <-- 250 OK > > --> VRFY f...@example.com > > <-- 250 OK f...@example.com accepts mail from <> > > --> QUIT > > > > This would avoid all that clumsy sender-verification-de-impact > > hacks. > > We don't at present. In effect, both VRFY and EXPN are dead (though > there is support for dealing with received ones).
Yes, we don't and others don't do it. And unfortunenatly I'm not in the position to to introduce it. But, OTOH if Postfix and Exim would support it… (just dreaming) there would be a good coverage. Does anybody remember, why VRFY isn't supported? I do not see anything that is more risky there than RCPT TO. (Given current ACL capabilities.) And in combination with the enforcement of a preceeding MAIL FROM it even makes some sense to me. (Yes, I'm biased to callouts for sender verification and would be happy if we can provide a clean way to differenciate between callout and intended message transmision.) Hm - but it would be just another mechanism to prove the authenticity of the sender, that would not be implemented everywhere. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: Digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/