I'm new to the list, but have been running James as my mail server for several weeks now. I ran across a problem today that would be fixed by implementing the SMTP VRFY functionality.
I also read the rationale for "NoFastFail" in the wiki section, but didn't see my issue mentioned, so I'm soliciting opinions from anyone before I try to implement the VRFY command.
The issue I discovered is one in which one or more spammers have probed my James server, determined that their is no verify implemented, and begun to send mail from their own server (or possibly an open relay) using phony usernames attributed to my domain. Since a fair number of emails being sent as spam go to addresses that have been abandoned, I have begun to receive a steady stream of postmaster emails (mostly from aol) informing me that the spammers email has bounced. If I were to enable verify functionality, the spam filters at aol (and other servers) could at least determine that the email address was invalid and not feel compelled to notify me.
Since spammers are misusing my domain name, it seems that even though I am not running James as an open relay, my domain name is at risk of being blacklisted as a result of misuse by others. As it happens, the email addresses I have configured on my mail server are well known to spammers anyway, since they were long ago harvested from internic records and/or web pages.
My questions then are:
1) How does this scenario fit in with the "NoFastFail" rationale? Is this a possible exception, or am I being too simple-minded?
2) Is this functionality already being built by anyone? (I didn't see it in the archives)
3) Is this something that the maintainers of James would like as an optional feature. In other words, if I implement it, should I contribute it?
Thanks for any feedback/opinions you can offer... - Steve Robenalt
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
