The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

550 Sender Verification Failure

Discussion in 'E-mail Discussions' started by jazee, Apr 27, 2017.

  1. jazee

    jazee Active Member

    Joined:
    Jan 12, 2015
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I'm getting this error when attempting to send email to my Cpanel server from a script on my other server. The From, and Reply-To address is bogus because I have no email accounts on the sending server. Initially I thought it was because I didn't have an A record in the DNS for the bogus sending address but adding the domain to the DNS didn't fix it.

    This is actually the error from the 3rd party spam filter I use which forwards the email:

    While attempting to deliver an email from root@serv2.mydomain.com to valid@myotherdomain.com the message was refused by your server. The error details received are listed below:

    SMTP error from remote mail server after RCPT TO:<valid@myotherdomain.com>: 550-Verification failed for <root@serv2.mydomain.com>
    550-The mail server could not deliver mail to root@serv2.mydomain.com. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
    550 Sender verify failed

    This message is odd as the email is being sent to valid@myotherdomain.com but it says "could not deliver to root@serve.mydomain.com" That's the SENDER address! So is this basically saying Exim is trying to establish an SMTP connection with the Sender's server and try to verify the email address exists but acting like it's going to send an email to the sender address??

    So as I said, serv2.mydomain.com now has an A record in the DNS.
    valid@myotherdomain.com is a valid email address
    root@serv2.mydomain.com does not have an email box (or at least not defined in Cpanel) - centos may create an account, but it would be undeliverable I think from outside since there is no Cpanel domain account created for serv2.mydomain.com

    What I noticed is in the PHP script despite setting the From: and Reply-to headers, the From displays what I set it to but looking at the email header I see the server keeps putting in root@serv2.mydomain.com I can see this because the email DOES go through if I send it to a Gmail address.

    What's interesting is the address in the header is the server name@ instead of root@

    Received: from serv2.mydomain.com
    by mx.google.com with ESMTPS id f91si671975iod.190.2017.04.25.13.29.41
    for <valid@gmail.com>
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Tue, 25 Apr 2017 13:29:41 -0700 (PDT)
    Received: from server-name by serv2.mydomain.com with local (Exim 4.89)
    (envelope-from <server-name@serv2.mydomain.com>)
    id 1d375g-0006Tc-6R
    for valid@gmail.com; Tue, 25 Apr 2017 13:29:40 -0700

    I'd like to implement a solution on the sending server side because if my Cpanel recipient server is rejecting it, then other's can so I prefer not to set Exim exceptions on the receiving server side (such as: Sender verification=off, or, Trusted SMTP IP addresses: IP addresses exempt from all SMTP sender, recipient, spam, and relaying checks.)

    So do I need to create a domain serv2.mydomain.com in Cpanel and add a root account email address (I'm guessing not).

    Or what about this setting on the sending Cpanel server?

    EXPERIMENTAL: Rewrite From: header to match actual sender [?]
    If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.

    or

    Set SMTP Sender: headers [?]
    (-f flag passed to sendmail) This will create “On behalf of” notices in Microsoft® Outlook, but it may also help track abuse of the mail system since recipients will see the SMTP login used to send each message.


    I'm at a loss of the what the proper solution for this issue would be?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,094
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The issue is that the server receiving the message sees the full message header and correctly determines the address you are sending the message from doesn't exist (and thus fails validation).

    You can adjust the PHP script on the server you are sending the email from so that it uses SMTP authentication with an actual email account created on that server. The top answer on the following third-party URL provides an example of a script you can use:

    Sending email with PHP from an SMTP server

    Or, the alternative is to browse to the "Access Lists" tab in "WHM >> Exim Configuration Manager >> Basic Editor" on the cPanel server you are sending the message to and add the IP address the message is coming from under the "Trusted SMTP IP addresses" option.

    Thank you.
     
  3. asajay

    asajay Member

    Joined:
    Sep 28, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I have a similar problem. I want Sender Verification Callouts turned ON, but it's blocking various emails, including Yahoo Groups and my Barracuda Spam and Virus firewall. What I'd like to do is whitelist specific email address if I could, but I can't find a way to do that, unless I can enter email addresses in the trusted IP addresses area.

    Is there a way to whitelist email addresses against the Sender Verification Callouts setting?

    Thank you,
    Asa Jay
     
  4. jazee

    jazee Active Member

    Joined:
    Jan 12, 2015
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I believe you can whitelist in in the Exim settings. I haven't done it so not sure exactly which setting but you can experiment to find the right one as I think there are only 2 or 3 whitelist type settings?

    Getting back to the original issue, I've developed web apps, many over 15 years that send email via PHP script. It's only in the past 6 months or so I started running into this issue. I've never used SMTP authentication in the 15-20 apps I've created that send email. However this is the first one on this particular server where the domain has no mx record and no email accounts. But it might also be that the only email headers the script is setting is, To:, From:, and Reply-to. I think in the past I also set x-mailer: php or something like that too if I recall. It's obviously been a few months since I had to create a script that sends email so maybe the main issue is my memory isn't as good as it used to be. LOL.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,094
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    There's no built-in feature to whitelist individual email accounts from the "Sender Verification Callouts" option. I suggest opening a feature request for this via:

    Submit A Feature Request

    You may also find the following thread helpful if you are comfortable developing custom Exim rules:

    List of domains / providers that have problems when using callouts

    Thank you.
     
Loading...

Share This Page