> On Sat, 25 Aug 2007, Dave Pooser wrote: >> >> So do you run your servers with VRFY enabled? > > Yes. If you are verifying addresses at RCPT time, which you must to avoid > spam blowback, then there's no point disabling VRFY.
Except that I can verify addresses after checking blacklists, RDNS and other checks to make dictionary attacks harder on the spammers. It may be possible to put ACLs on VRFY in Exim, but I haven't looked into it. My larger point: If another server operator has disabled VRFY on his server, by what right do I attempt to circumvent his policy decision by using sender address verification? -- Dave Pooser Cat-Herder-in-Chief, Pooserville.com "In our family, happy usually involves gunfire and at least two patrol cars showing up." --SomethingPositive.net
