[Mimedefang] a case for supporting EXPN/VRFY on an internal server
Brian Leyton
bleyton at cpe-corp.com
Thu Jan 12 12:36:23 EST 2006
Gary Funck wrote:
>
> One of the difficulties we run into with MdF in general and
> greylisting in particular is that recipient address
> verification (via the access
> database) is delayed via delay_checks. So, basically we
> tempfail messages with invalid recipient addresses that we
> should reject outright at the HELO phase, and these messages
> will have to be bounced later if the sender retries.
> Further, if we're front-ending other servers, we may not even
> know whether the user address is valid.
>
> But ... if the internal servers (including a dummy server on
> the relay box for access_db checks) supported VRFY, then MdF
> could check the addresses early on by first consulting the
> internal server(s).
>
> Make sense?
Yeah, that does make a lot of sense, and it's probably doable, but I've
found that it's simpler to just extract all of the valid addresses from the
internal server with a cron job, then build an access.db for the front-end
server to use. This allows you to reject the bad addresses at MTA level, so
that you don't even need to invoke MdF. I'm using Sendmail, but I imagine
this would work with other MTAs as well.
Here are a couple of different approaches to this issue:
http://www.mimedefang.org/kwiki/index.cgi?RelayCheckAddresses
http://www.mimedefang.org/kwiki/index.cgi?Exchange2Access
I use the second technique. Just remember that you need to add:
to:yourdomain.com ERROR:5.1.1:"550 User unknown"
to the beginning of your access database, so that the server will reject
everything that doesn't match a valid recipient address.
Brian Leyton
IT Manager
Commercial Petroleum Equipment
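
Added example, not part of the original post or the wiki scripts it links to: a sketch of the cron-job step described above, turning an exported list of valid recipients into access-map source with the reject-all line first. The function name `build_access_source`, the `To:<address> RELAY` form for valid recipients and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build sendmail access-map source text from a list of valid
# recipient addresses read on stdin (one per line).
# Assumptions: the function name and the "To:<address> RELAY" form for valid
# recipients are illustrative; the catch-all line is the one quoted in the post.

build_access_source() {
    domain=$1
    # Escape dots so the domain is matched literally by grep -E.
    domain_re=$(printf '%s' "$domain" | sed 's/\./\\./g')

    # Normalise and filter: strip CRs from Windows exports, lowercase, keep
    # only plain local-part@domain entries. Lines with whitespace or other
    # unexpected characters are dropped so they cannot add stray map entries.
    valid=$(tr -d '\r' | tr '[:upper:]' '[:lower:]' |
        grep -E "^[a-z0-9._+-]+@${domain_re}\$" | sort -u)

    # An empty export would leave only the reject-all line and bounce every
    # message, so fail and let the caller keep the previous map.
    if [ -z "$valid" ]; then
        echo "no valid addresses for $domain; not emitting a map" >&2
        return 1
    fi

    # Catch-all rejection first, as the post describes.
    printf 'to:%s\tERROR:5.1.1:"550 User unknown"\n' "$domain"
    printf '%s\n' "$valid" | while IFS= read -r addr; do
        printf 'To:%s\tRELAY\n' "$addr"
    done
}

# Constructed sample input, not real addresses.
build_access_source example.com <<'EOF'
Alice@Example.com
bob@example.com
alice@example.com
someone@other.test
bad entry@example.com
EOF
```

Pass the output to `makemap` only when the function returns success, so a failed or empty export never replaces the working map with a bare reject-all rule.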