The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim 451-Could not complete sender verify callout

Discussion in 'General Discussion' started by hostserve, Feb 5, 2007.

  1. hostserve

    hostserve Well-Known Member

    Joined:
    Aug 25, 2006
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Does anyone know what this error message is for ?


    Some of our clients are complaining they are getting their e-mail bounced back at them with the following message:

    451-Could not complete sender verify callout
     
  2. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    hi,
    you can disable the "use callouts.........." option for exim from root WHM--->exim configuration editor.
    uncheck the box stating "use callout to verify..."

    see ya,
    mohit
     
  3. hostserve

    hostserve Well-Known Member

    Joined:
    Aug 25, 2006
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the advice Mohit,

    But why would I want to do that... ? would it not just allow more spam on the server(s) ..?

    The call out option, as I understand it, is supposed to be to help prevent spam as it verifies the sender?
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Welcome to the world of webhosting.

    In theory sender callouts or callbacks should help with spam. If you have it enabled on your server, then when mail comes into your server, your server calls back, and checks to see if the address used as the envelope sender in the e-mail transaction can really accept e-mail back. The method of thinking here is that nobody should be sending you a legitimate message from an address that you can't write back to.

    However, there are still some larger corporations who will do just that. They will send out a message from a nonexistant address because they do not want to receive any reply backs. Why this is done, I do not know. In my opinion, the better solution would be to route mail used for this envelope sender to a /dev/null or some other blackhole. However, if this is not done, then mail from those locations will fail to reach your server because the sender callback will fail.

    Yet another case where sender callbacks will interfere with regular mail delivery is if a mail server is not accepting mail from the null sender as per RFC 1123. Exim uses the null sender as part of the sender verifying process. A lot of mail servers will just blindly reject any mail stating to be from the null sender. Whether or not this is warranted is left up for another discussion, but the fact remains that if a mail server is rejecting mail from the null sender then it is breaking RFC 1123. I am of the thinking that one should follow RFC standards as best as you can, just because there has to be some form of standardization with communication or else you run the risk of some communications working and some not if no standard is followed. Never-the-less, if you have sender callouts enabled, then mail from domains whose mail server rejects the null sender, those messages will not be accepted by your server.

    Now you get to make a decision. Do you enable sender callouts or not? If you disable sender callouts, then you will likely receive more spam and your users may inquire about the amount of spam that they receive. If you disable sender callouts, your mail queue will also likely grow larger because your mail server will be accepting more faked spam messages. If you enable sender callouts, then you will likely have users inquire about why they are not receiving some messages and why they are seeing the sender verify failed messages. In my opinion, all the "cons" for enabling sender verify are elements that point back to poor administration on the sender's server. However in practice, end users usually care less about defining standards and they just want to receive their messages. So there's not really a win-win situation.

    Perhaps the best solution would be to educate your users that see these sender verify failed messages and explain why they are failing. Ideally, end users would understand this and movements would be made to insure that all mail servers accept the null sender (or at least open a discussion as to how better handle this) and that all legitimate mail from larger corporations needs to be sent from real addresses.
     
  5. hostserve

    hostserve Well-Known Member

    Joined:
    Aug 25, 2006
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the extensive post... I appreciate it.

    However, I'm concerned... and don't know if it is our server that is causing the failed messages or if it is our clients server....

    meaning, I don't know if is because we have caused this due to an impropperly setup mail server or if it is due to a spam prevention setting enabled by one of the admins (which I just fired).


    Where would this option be listed in Cpanel so I can check to see if it is on our end or their end??
     
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    If you log into your WHM and click the Exim Configuration Editor check to see if the option for Use callouts to verify the existence of email senders. is checked. If it is, sender callouts is enabled. If not, sender callouts is disabled.
     
  7. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    So perfectly written.
    Thanks.
    I was in the process of writing something about this for my users, and your wording is great.

    I might use my long winded version, and then point to your explanation as a more succinct description.

    Brian
     
  8. rlueth

    rlueth Member

    Joined:
    Feb 20, 2004
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Donald, Oregon
    Welcome to the world of webhosting.

    Where is the whitelist List.. :)
    Ahh Chirpy.....
     
  9. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    You can't whitelist this problem, it's the sending server that is really the problem in this instance. I had this problem with a client who was relying on emails from their bank that some funds had been collected. If they didn't acknowledge the funds within 24 hours the money was reverted back to their customer as a refund. (Silly in and of itself, but I digress...) The bank's servers were totally ignoring the callback requests - meaning the address they were sending from was a non-existant one. And this was a large bank in the US! Calls to their IT dept went unanswered so we had to untick the callback setting on that box.
     
  10. t9clkclnr

    t9clkclnr Well-Known Member

    Joined:
    Jun 11, 2004
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Southern California
    ah same situation

    Having that problem with a can of mine. I had to uncheck the call out for 1 stinking user. This was my decision.

    However, as a compromise to this I have installed the assp spam killer and have not had to deal with anymore spam then usual.

    A decent Spam software package should put your mind at ease in regards to unticking this option.

    Good luck.
     
    #10 t9clkclnr, Feb 21, 2007
    Last edited: Feb 21, 2007
  11. bornonline

    bornonline Well-Known Member

    Joined:
    Nov 19, 2004
    Messages:
    139
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
  12. tripper

    tripper Member

    Joined:
    Feb 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    N.W. Iowa
    we added this awhile ago, and seems to work quiet well, but the interesting thing is no matter how we add the emails that come from this forum, to the whitelist, their emails always fails via the sender/callout are rejected. We've tried the following in the sender/callout whitelist listing

    Code:
    nobody@lightning.cpanel.net
    *cpanel.net
    *.cpanel.net
    *@cpanel.net
    *lightning.cpanel.net
    billing@cpanel.net
    
    we've tried any which way we could think of, to add the email come from this forum to the sender/callout white list, but it's always rejected via the sender/callout. If anyone could shed some lite on this, and how they manage to get around this, would luv to know how they did it. The only one of my email accounts that would except email from this forum is my yahoo.com account ... go figure :) My main account domain and my ISP email account rejects emails from this forum.

    Mickalo
     
    #12 tripper, Feb 22, 2007
    Last edited: Feb 22, 2007
  13. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar
Loading...

Share This Page