[Mimedefang] Sender Address Verification

Richard Laager rlaager at wiktel.com
Tue Nov 22 15:09:31 EST 2016

We have been doing sender address verification for years.

Looking through the code...

We use custom MIMEDefang code around DNS::Resolver and
md_check_against_smtp_server(). We wrap the md check in a block and use
alarm() to timeout, as MD's timeout doesn't always work (e.g. if the
server is intentionally or unintentionally tarpitting where TCP responds
quickly but SMTP is slow). We do our callback from the NULL sender
address. We do not perform the check if the sender to us is the NULL sender.

If we get a TEMPFAIL result, but the message matches /gr[ae]ylist/i, we
treat the address as valid.

We exempt *.bounces.google.com because they fail verification and we
don't want the score increase from it. We special-case *@charter.net, as
they (at least at one time) reject the NULL sender completely! We accept
MXes that point to CNAMEs, even though that is an RFC violation.

We cache invalid results for 1 hour and valid results for 7 days. We add
1.5 points for a tempfail and 3 points for a reject. None of these
values were exhaustively optimized.


More information about the MIMEDefang mailing list