When you configure VPOP3 to LAN Forward to another mail server and specify a wildcard address, such as *@mydomain.com, it is unlikely that every possible email address will be valid at the onward mail server. If VPOP3 attempts to forward undeliverable messages, and the onward mail server rejects them, VPOP3 will have to generate a delivery failure report for that message, which can cause 'backscatter'. Because of this, it can be useful to have VPOP3 verify that the email address is allowed before it accepts the message in the first place.
That is what the LAN Forwarding Verification facility is for. When VPOP3 receives a message which it is configured to LAN forward using a wildcard (containing *, ~ or ?) LAN Forwarding rule, then it can perform an action to verify that the address is allowed before accepting the incoming message.
Normally, VPOP3 does not perform any type of verification when it receives an incoming message, but you can create rules by telling VPOP3 how to check with the onward mail server whether the address is valid. To do this, press the Add button and put the server address (as defined in the LAN Forwarding configuration) in the Server column. Choose the verification type in the Type column, and, if you are using Minger verification, put the Minger shared-secret in the Secret column.
The two types of verification that VPOP3 supports are:
With Call-Forward verification, VPOP3 tries to make a connection to the onward server to start sending a message to the recipient to see if the onward server will accept messages to that recipient. VPOP3 won't actually send a message, but it tries to send a message from a blank return-path to the specified recipient. This can fail if the onward mail server supports BATV or otherwise does not allow messages from a blank return-path. It can also make some servers become suspicious of VPOP3 because it can appear to be trying invalid recipients (when there are incoming messages for incoming recipients), so you may need to tell the onward mail server to trust VPOP3.
Call-Forward verification should work with most SMTP servers as long as they are configured to allow the blank return-path messages from VPOP3 without blocking it.
If VPOP3 cannot connect to the onward mail server at all (eg it is not running), then VPOP3 remembers if it has recently seen that the recipient was unknown, if it was then it will reject the incoming message, otherwise the recipient will be accepted (including if the recipient has not been checked before).
With Minger (Mail pINGER) verification, VPOP3 connects to a Minger service on the onward server to verify the address. Minger is a protocol specifically designed for verifying email addresses for this type of purpose. It is not widely supported, but VPOP3 supports it, as do several other mail servers. The Minger server has a 'secret' (password) to prevent unauthorised use, which you need to tell this verification feature about in the Secret column.
If the onward server supports it, Minger verification is the best option to use as it was designed specifically for this purpose.
Again, if VPOP3 cannot connect to the onward mail server at all (eg it is not running), then VPOP3 remembers if it has recently seen that the recipient was unknown, if it was then it will reject the incoming message, otherwise the recipient will be accepted (including if the recipient has not been checked before).