james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: SMTP Verify - Opinions?
Date Wed, 05 Nov 2003 03:07:19 GMT
> I ran across a problem today that would be fixed by
> implementing the SMTP VRFY functionality.

> I also read the rationale for "NoFastFail" in the wiki section

Mind you, we do have some limited fast-fail, and will likely add more.  But
only the kind that can be reliably done at SMTP protocol time.

> I'm soliciting opinions from anyone before I try to implement
> the VRFY command.

It won't work for any site that uses virtual hosting, mailing lists, or
other mappings.  It will only work in the very limited case where all of
your users have entries in the James user repository.  By way of example, I
have multiple e-mail identities.  They are mapped to one of two mailboxes (a
role mailbox for administrative things, and a personal mailbox).  *Neither*
of the mailbox names matches one of my valid RFC 2821 local-parts.  If we
had SMTP VRFY, many of us would have to disable it, since it would provide
false and mis-leading answers.

In the future, we might use JNDI in such manner that all of a person's
e-mail identities could be known by the server, allowing SMTP VRFY to work
in a wider number of cases (it still would not handle mappings that are not
present in the user directory).

> If I were to enable verify functionality, the spam filters at aol
> (and other servers) could at least determine that the email
> address was invalid and not feel compelled to notify me.

Very, VERY, few mail system will use SMTP VRFY at all, much less in the
manner you describe.  Do you have any reason to believe that AOL will behave
that way?

> Since spammers are misusing my domain name, it seems that even though I
> am not running James as an open relay, my domain name is at risk of
> being blacklisted as a result of misuse by others.

Highly unlikely.  The spoofing issue has been well-known by mail
administrators for years.  Blocklisting is done based upon the IP address of
the offending sender.

	--- Noel

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message