spf-discuss

Re: Conflict with challenge/response filters

2005-07-06 08:36:45
Hello!

On Wed, Jul 06, 2005 at 04:25:42PM +0100, David Woodhouse wrote:
> On Wed, 2005-07-06 at 17:09 +0200, Hannah Schroeter wrote:
>> Now, one could enforce the standards more strictly, i.e.
>> accept mail to non-SRS/SES addresses only from *non*-empty envelope
>> froms, and accept mail to SRS/SES addresses only from empty envelope
>> senders.
>
> Be very careful with the latter. There are some broken systems which do
> SMTP sender verification callouts with non-empty MAIL FROM, and you'd be
> rejecting their probes.

Makes some sense, though, they're bogus and should be fixed (IIRC,
postfix is one of the more popular ones among them :-( ).

Systems doing SMTP verification of email addresses using MAIL FROM/RCPT
TO should differentiate and verify envelope senders with an empty own
MAIL FROM, and verify other addresses with a non-empty special MAIL
FROM (which should be valid, and have SPF unknown or pass, too).

Kind regards,

Hannah.
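
The acceptance rule discussed in this message, sketched as an added example that is not part of the original post or of any mail server's own code. The function names, the SRS-only recipient test, the sample addresses and the `defer_to_data` option (one possible way to tolerate callout probes that use a non-empty MAIL FROM) are assumptions.

```python
import re

# SRS return paths start with SRS0 or SRS1 plus a separator. SES tags are
# site-specific, so this sketch recognises SRS only (assumption).
SRS_LOCALPART = re.compile(r"^SRS[01][=+-]", re.IGNORECASE)

def is_bounce_only(rcpt):
    """True if rcpt is an SRS return path, where only bounces belong."""
    local = rcpt.strip("<>").rpartition("@")[0]
    return bool(SRS_LOCALPART.match(local))

def check_rcpt(mail_from, rcpt, defer_to_data=False):
    """Return (stage, verdict): the SMTP stage at which the verdict is issued."""
    null_sender = mail_from.strip() in ("", "<>")
    if is_bounce_only(rcpt):
        if null_sender:
            return ("RCPT", "accept")  # a real bounce
        # Non-empty sender to a return path: a forged "bounce", or a callout
        # probe from a verifier that does not use the null sender.
        # Assumption: deferring the rejection to DATA lets such probes pass,
        # because a callout stops after RCPT TO and never sends DATA.
        return ("DATA", "reject") if defer_to_data else ("RCPT", "reject")
    if null_sender:
        return ("RCPT", "reject")  # bounce to an address not used as a return path
    return ("RCPT", "accept")

def callout_sender(verifying_envelope_sender, probe_address):
    """MAIL FROM for a callout: null when checking an envelope sender,
    otherwise a valid dedicated probe address (hypothetical parameter)."""
    return "<>" if verifying_envelope_sender else f"<{probe_address}>"

if __name__ == "__main__":
    # Constructed sample envelopes, not taken from real traffic.
    srs = "SRS0=HHH=TT=example.org=alice@forwarder.example"
    samples = [("<>", srs), ("<probe@verifier.example>", srs),
               ("<>", "bob@example.net"), ("<carol@example.com>", "bob@example.net")]
    for sender, rcpt in samples:
        print(sender, rcpt, check_rcpt(sender, rcpt), check_rcpt(sender, rcpt, True))
```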