Preface:
- Firsty: yes, I'm fully aware of all issues associated with https://en.wikipedia.org/wiki/Callout_verification (and there is a LOT of them!) - I'm not looking for debate about general usefulness of Callout verification (and the system for which it is being investigated is not general-purpose e-mail system). - I'm also not looking for alternative sender validations and related schemes which might give similar results (like SPF / DKIM verifications, SpamAssassin AWL/TxRep/whitelist_* etc.) but only for checking sender via Callout verification. The question: I'm looking for existing solution to check in SpamAssassin (as a part of custom complex set of meta rules) whether e-mail of the sender[1] has recently[2] been "callout-verified" [3] by '250 Ok' response to RCPT TO. The system in question has amavis / postfix beneath, if that helps (so e.g. re-using postfix verify_cache.db is an option) Is anyone aware of an existing SpamAssassin plugin or similar which can do SMTP Callout verification? Thanks, Matija [1] where sender is ideally header "From:" (possibly overriden by "Reply-To:" header if it exists); but I'd settle for envelope FROM too if that is the best that can be easily done [2] caching for callout verification is implied and required; so e-mail address which have already been queried won't be asked again for some time. [3] as noted at start, all caveats with Callout results are known (e.g. that it does not guarantee that the sender actually exists or that the e-mail to that address can actually be sent in the future) -- Opinions above are GNU-copylefted.
