From 65cf2f49508f04297239866bc8a4e8590db15d27 Mon Sep 17 00:00:00 2001 From: Matthijs Kooijman Date: Mon, 4 May 2009 14:58:56 +0200 Subject: [PATCH] exim: Don't do sender verification by callout. Doing callouts puts extra resource pressure on the called server. Since the sender address will be forged in a lot of cases anyway, this won't really help us and can be used in a DDOS attack on some server. See http://www.backscatterer.org/index.php?target=sendercallouts --- etc/exim4/conf.d/acl/30_exim4-config_check_rcpt | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt b/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt index 21be517..44da6dc 100644 --- a/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt +++ b/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt @@ -76,13 +76,9 @@ acl_check_rcpt: # Deny unless the sender address can be verified. - # - # This also performs "callout" verification, i.e., connect to the sender's - # mailserver and see if it accepts the mail address. This is quite - # expensive, but might save a bunch of spamchecks... deny message = Sender verification failed - !verify = sender/callout + !verify = sender # Accept if the message arrived over an authenticated connection, from -- 2.30.2