Theo Van Dinter wrote:
> On Wed, Aug 30, 2006 at 10:10:00AM -0700, Michael Grey wrote:
>> I am aware of SPF which can confirm that a host at ip address x.x.x.x is
>> authorized to send mail as from domain "A", but how about a means to confirm
>> that '[EMAIL PROTECTED]' actually is a real user before accepting mail
>> from him ?
>
> The short answer is that there's no way to do that in general, regardless
> of SA, so no.
>
There is a way to do it, but someone more skilled at PERL than I would
have to carve it... you actually open an SMTP conversation with
"REMOTE_DOMAIN.com" a la:
Connected to mail.wolfstar.ca.
Escape character is '^]'.
220 ext1.wolfstar.ca ESMTP Postfix (Debian/GNU)
EHLO spamTest.bot
250-ext1.wolfstar.ca
250-PIPELINING
250-SIZE 102400000
250-ETRN
250 8BITMIME
MAIL FROM: [EMAIL PROTECTED]
250 Ok
RCPT TO: [EMAIL PROTECTED]
554 <[EMAIL PROTECTED]>: Relay access denied
... trap that "5xx" return, and you know its a bogus sender. The
plug-in adds 2 points to the score.
Get a "250 Ok" back, and you are likely "safe"... score 0.
--
--Michel Vaillancourt
Wolfstar Systems
www.wolfstar.ca
