Doing callouts puts extra resource pressure on the called server. Since
the sender address will be forged in a lot of cases anyway, this won't
really help us and can be used in a DDOS attack on some server. See
http://www.backscatterer.org/index.php?target=sendercallouts
# Deny unless the sender address can be verified.
- #
- # This also performs "callout" verification, i.e., connect to the sender's
- # mailserver and see if it accepts the mail address. This is quite
- # expensive, but might save a bunch of spamchecks...
deny
message = Sender verification failed
- !verify = sender/callout
+ !verify = sender
# Accept if the message arrived over an authenticated connection, from