Pkg exim4 users - Jul 2006 - Re: Bug#379155: please add an option to verify recipient first

On Mon, Jul 24, 2006 at 10:39:38AM +0200, Marc Haber
wrote:
> 
> Probably, it might be acceptable to do early recipient verification
> for messages that have neither been delivered authenticated nor
> delivered from a host that we relay from.
Yup. Sounds much better to me, too.
> Depending on how ugly this
> configuration gets, this might be acceptable as a default. I''d
like to
> hear some comments from exim-users first though.
I propose the attached patch.  CCing exim-users too.

-- 
Robert Millan

My spam trap is honeypot@aybabtu.com.  Note: this address is only intended for
spam harvesters.  Writing to it will get you added to my black list.
-------------- next part --------------
Index: debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
==================================================================---
debian/debconf/conf.d/acl/30_exim4-config_check_rcpt	(revision 1510)
+++ debian/debconf/conf.d/acl/30_exim4-config_check_rcpt	(working copy)
@@ -22,11 +22,6 @@
   # MTAs and submissions from MUAs you should probably split them into two
   # lists, and handle them differently.
 
-  # Recipient verification is omitted here, because in many cases the clients
-  # are dumb MUAs that don''t cope well with SMTP error responses. If
you are
-  # actually relaying out from MTAs, you should probably add recipient
-  # verification here.
-
   # Note that, by putting this test before any DNS black list checks, you will
   # always accept from these hosts, even if they end up on a black list. The
   # assumption is that they are your friends, and if they get onto black
@@ -47,6 +42,13 @@
     control = submission/sender_retain
 
 
+  # Recipient verification is very cheap, so we do it before the other checks.
+  # But, not before verifiing that we aren''t being used as relay,
because in
+  # many cases the clients are dumb MUAs that don''t cope well with
SMTP error
+  # responses.
+  deny
+    !verify = recipient
+
   # The following section of the ACL is concerned with local parts that contain
   # certain non-alphanumeric characters. Dots in unusual places are
   # handled by this ACL as well.
@@ -276,8 +278,6 @@
 
   accept
     domains = +local_domains
-    endpass
-    verify = recipient
 
 
   # Accept if the address is in a domain for which we are an incoming relay,
@@ -285,8 +285,6 @@
 
   accept
     domains = +relay_to_domains
-    endpass
-    verify = recipient
 
 
   # Reaching the end of the ACL causes a "deny", but we might as well
give

On Mon, Jul 24, 2006 at 03:56:27PM +0200, Robert Millan
wrote:
> On Mon, Jul 24, 2006 at 10:39:38AM +0200, Marc Haber wrote:
> > Probably, it might be acceptable to do early recipient verification
> > for messages that have neither been delivered authenticated nor
> > delivered from a host that we relay from.
> 
> Yup. Sounds much better to me, too.
> 
> > Depending on how ugly this
> > configuration gets, this might be acceptable as a default.
I''d like to
> > hear some comments from exim-users first though.
> 
> I propose the attached patch.  CCing exim-users too.
You Cc''ed pkg-exim4-users, not exim-users. I''m going to write
to
exim-users.

Your patch looks good to me, but I''m reluctant to apply it unless
Upstream decides to change their default logic as well.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

On Mon, Jul 24, 2006 at 04:37:44PM +0200, Marc Haber
wrote:
> You Cc''ed pkg-exim4-users, not exim-users. I''m going to
write to
> exim-users.
I did that,
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20060724/msg00009.html
> Your patch looks good to me, but I''m reluctant to apply it unless
> Upstream decides to change their default logic as well.
Philip has answered rather positively,
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20060724/msg00046.html,
so we''re going to wait for the change Philip will do for 4.63 and
follow that change.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

tags 379155 upstream
thanks

On Tue, Jul 25, 2006 at 02:21:39PM +0200, Marc Haber
wrote:
> On Mon, Jul 24, 2006 at 04:37:44PM +0200, Marc Haber wrote:
> > You Cc''ed pkg-exim4-users, not exim-users. I''m going
to write to
> > exim-users.
Oops :)
> > Your patch looks good to me, but I''m reluctant to apply it
unless
> > Upstream decides to change their default logic as well.
> 
> Philip has answered rather positively,
>
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20060724/msg00046.html,
> so we''re going to wait for the change Philip will do for 4.63 and
> follow that change.
Ok!

-- 
Robert Millan

My spam trap is honeypot@aybabtu.com.  Note: this address is only intended for
spam harvesters.  Writing to it will get you added to my black list.