I've been using sender address verification callbacks for a long time. It helps eliminate a lot of spam by checking if the sender's address is deliverable. Unfortunately, there are a number of systems that send mail with an invalid envelope sender. These are often generated by scripts on a web server where the sender defaults to firstname.lastname@example.org. There are also a number of misconfigured mail server, mostly IMail installations, that do not accept messages with null senders. This not only prevents their users from receiving bounce messages, but also prevents sender address verification from working.
Up until yesterday, I've rejected messages at RCPT time that fail sender address verification. Trying to deal with the number of false positives for a significant number of users has proven to be too dificult. So I decided to continue using sender address verification, but incorporate the result into an overall SpamAssassin score.
Andrew, on the exim-users list provided a helpful Exim ACL snippet which I modified a bit and came up with the following:
acl_callout_test: warn set acl_m6 = TEMP accept verify = sender/callout=60s,random set acl_m6 = OK warn set acl_m6 = FAIL acl_check_rcpt: warn acl = acl_callout_test warn message = X-Sender-Verification: $acl_m6
This adds an X-Sender-Verification header which I then check for in SpamAssassin.
header POSTICA_SENDER_ADDRESS_FAIL X-Sender-Verification =~ /FAIL/ describe POSTICA_SENDER_ADDRESS_FAIL Sender Address Verification Failure score POSTICA_SENDER_ADDRESS_FAIL 2.0 header POSTICA_SENDER_ADDRESS_TEMPFAIL X-Sender-Verification =~ /TEMP/ describe POSTICA_SENDER_ADDRESS_TEMPFAIL Sender Address Verification Temp Failure score POSTICA_SENDER_ADDRESS_TEMPFAIL 1.0
I may have to tweak the scores, but so far, it's working pretty well.
The state is that great fiction by which everyone tries to live at the expense of everyone else. - Frederic Bastiat