Preface:
- Firsty: yes, I'm fully aware of all issues associated with
https://en.wikipedia.org/wiki/Callout_verification
(and there is a LOT of them!)
- I'm not looking for debate about general usefulness of Callout
verification (and the system for which it is being investigated is
not general-purpose e-mail system).
- I'm also not looking for alternative sender validations and related
schemes which might give similar results (like SPF / DKIM
verifications, SpamAssassin AWL/TxRep/whitelist_* etc.) but only
for checking sender via Callout verification.
The question:
I'm looking for existing solution to check in SpamAssassin (as a part
of custom complex set of meta rules) whether e-mail of the sender[1] has
recently[2] been "callout-verified" [3] by '250 Ok' response to RCPT TO.
The system in question has amavis / postfix beneath, if that helps
(so e.g. re-using postfix verify_cache.db is an option)
Is anyone aware of an existing SpamAssassin plugin or similar which
can do SMTP Callout verification?
Thanks,
Matija
[1] where sender is ideally header "From:" (possibly overriden by
"Reply-To:" header if it exists); but I'd settle for envelope
FROM too if that is the best that can be easily done
[2] caching for callout verification is implied and required; so
e-mail address which have already been queried won't be asked
again for some time.
[3] as noted at start, all caveats with Callout results are known
(e.g. that it does not guarantee that the sender actually exists
or that the e-mail to that address can actually be sent in the
future)
--
Opinions above are GNU-copylefted.
- Firsty: yes, I'm fully aware of all issues associated with
https://en.wikipedia.org/wiki/Callout_verification
(and there is a LOT of them!)
- I'm not looking for debate about general usefulness of Callout
verification (and the system for which it is being investigated is
not general-purpose e-mail system).
- I'm also not looking for alternative sender validations and related
schemes which might give similar results (like SPF / DKIM
verifications, SpamAssassin AWL/TxRep/whitelist_* etc.) but only
for checking sender via Callout verification.
The question:
I'm looking for existing solution to check in SpamAssassin (as a part
of custom complex set of meta rules) whether e-mail of the sender[1] has
recently[2] been "callout-verified" [3] by '250 Ok' response to RCPT TO.
The system in question has amavis / postfix beneath, if that helps
(so e.g. re-using postfix verify_cache.db is an option)
Is anyone aware of an existing SpamAssassin plugin or similar which
can do SMTP Callout verification?
Thanks,
Matija
[1] where sender is ideally header "From:" (possibly overriden by
"Reply-To:" header if it exists); but I'd settle for envelope
FROM too if that is the best that can be easily done
[2] caching for callout verification is implied and required; so
e-mail address which have already been queried won't be asked
again for some time.
[3] as noted at start, all caveats with Callout results are known
(e.g. that it does not guarantee that the sender actually exists
or that the e-mail to that address can actually be sent in the
future)
--
Opinions above are GNU-copylefted.