Re: [Hampshire] VRIFY

Ottavio Caruso wrote:
> Hello,
>
>
> The scenario: this box is a linux mail relay, scanning mail and
> delivering to a destination mail server, a horrible M$ EXCHANGE.
>
> When it deals with recipient verification, the relay runs a local daemon
> that connects to the destination server via either LDAP or SMTP
> according to settings.
>
> Now, the EXCHANGE is notoriously crap at recipient verification and if
> you telnet the server at port 25 it will accept mail for any address @
> that domain, for example:
>
> 657657657567@???
> 67tr37y3y7@???
> invalid@???
>
> and so on.
>
> Now I have been told to advise the exchange's admin to enable VRFY.

It is recommended that this be disabled for net access as this is
often used by spammers and hackers to check valid emails/account names.

Usually vrfy returns 250 if verification is enabled or 252 if it is
disabled.

> I thought: what's it got to do with that?

VRFY is a lot quicker and cheaper then a full MAIL/RCPT test.

> What do you think?

Have the mail server VRFY incoming local email addresses via the
exchange box. WIth postfix this can be configured to use the builtin
caching server.

> I don't think that enabling VRFY will actually enable users verification
> on a mail server.

Correct! the VRFY command will need to be enabled and tied to the authen
backend. I *think* in MS-EX this is the same thing.

Alternatively you could have the mail frontend connect to the exchange
LDAP account server - if available.