Querying other SMTP server for valid addresses?

Mike Bacher isp-list at TULSACONNECT.COM
Sat Nov 20 00:08:09 GMT 2004 

    [ The following text is in the "windows-1252" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Steve Swaney wrote:

> 
> Yes, there is a way. If you use sendmail, you might want to look at
> milter-ahead.
> 
>         http://www.milter.info/milter-ahead/
> 
> I quote from the web site:
> 
> "This Sendmail milter (mail filter) allows a gateway mail server to
> call-ahead to a relay or internal mail store before accepting mail for
> recipients of a message. Think of it as a lazy man's LDAP. It could also be
> used by fallback MX servers to verify recipients with the primary MX."

Looks like exim has this sort of facility built-in.  Per the manual:

38.21. Callout verification

For non-local addresses, routing verifies the domain, but is unable to do any checking of 
the local part. There are situations where some means of verifying the local part is 
desirable. One way this can be done is to make an SMTP callback to the sending host (for a 
sender address) or a callforward to a subsequent host (for a recipient address), to see if 
the host accepts the address. We use the term callout to cover both cases. This facility 
should be used with care, because it can add a lot of resource usage to the cost of 
verifying an address. However, Exim does cache the results of callouts, which helps to 
reduce the cost. Details of caching are in the next section.

Recipient callouts are usually used only between hosts that are controlled by the same 
administration. For example, a corporate gateway host could use callouts to check for 
valid recipients on an internal mailserver. A successful callout does not guarantee that a 
real delivery to the address would succeed; on the other hand, a failing callout does 
guarantee that a delivery would fail.

If the callout option is present on a condition that verifies an address, a second stage 
of verification occurs if the address is successfully routed to one or more remote hosts. 
The usual case is routing by a dnslookup or a manualroute router, where the router 
specifies the hosts. However, if a router that does not set up hosts routes to an smtp 
transport with a hosts setting, the transport's hosts are used. If an smtp transport has 
hosts_override set, its hosts are always used, whether or not the router supplies a host 
list.

The port that is used is taken from the transport, if it is specified and is a remote 
transport. (For routers that do verification only, no transport need be specified.) 
Otherwise, the default SMTP port is used. If a remote transport specifies an outgoing 
interface, this is used; otherwise the interface is not specified.

For a sender callout check, Exim makes SMTP connections to the remote hosts, to test 
whether a bounce message could be delivered to the sender address. The following SMTP 
commands are sent:

   HELO <primary host name>
   MAIL FROM:<>
   RCPT TO:<the address to be tested>
   QUIT

LHLO is used instead of HELO if the transport's protocol option is set to ^Ólmtp^Ô.

A recipient callout check is similar. By default, it also uses an empty address for the 
sender. This default is chosen because most hosts do not make use of the sender address 
when verifying a recipient. Using the same address means that a single cache entry can be 
used for each recipient. Some sites, however, do make use of the sender address when 
verifying. These are catered for by the use_sender and use_postmaster options, described 
in the next section.

If the response to the RCPT command is a 2xx code, the verification succeeds. If it is 
5xx, the verification fails. For any other condition, Exim tries the next host, if any. If 
there is a problem with all the remote hosts, the ACL yields ^Ódefer^Ô, unless the defer_ok 
parameter of the callout option is given, in which case the condition is forced to succeed.

-- 

-----------------------------------------
Mike Bacher / isp-list at tulsaconnect.com
TCIS - TulsaConnect Internet Services
Phone: 918-584-1100x110 Fax: 918-582-5776
-----------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list