Omit Sender verify for certain mails?

[gflamerich]

Hi
This should sound extrange, but we have a client who needs to receive emails from a couple of addresses that doesn't pass sender verification.
We alredy tryed to talk to the other end to correct the problem, but there are huge Companies and wont' change their policy ..... so here we are......
We have sender verification activated (and want to keep it htat way), so want to know if its possible to bypass sender verification for some addresses. Don't know witch is better, a whole domain, IP address, individual email address, but at this point, any option may help.
Thanks

 

[nisse]

You could do it like this in exim.conf:

addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders

Then put the sender addresses in the file /etc/whitelist_senders, one per line, e.g.

[email protected]
*@domain2.tld

Then add the following line to your sender verify statement:

!senders = +whitelist_senders

 

[gflamerich]

Thank you for you reply,
Could you be so kind and be a little more spcecific on where should I put the
!senders = +whitelist_senders

Here is our config

#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :

# Always accept mail to postmaster & abuse for any local domain
accept domains = +local_domains
local_parts = postmaster:abuse

# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}


# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

#if it gets here it isn't mailman

#sender verifications are required for all messages that are not sent to lists

require verify = sender/callout=5s,defer_ok
accept domains = +local_domains
endpass

#recipient verifications are required for all messages that are not sent to the local machine
#this was done at multiple users requests

message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
verify = recipient

accept domains = +relay_domains

warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts

warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.


#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept

 

[nisse]

It should go here:

#sender verifications are required for all messages that are not sent to lists

require verify   = sender/callout=5s,defer_ok
        !senders = +whitelist_senders

accept domains = +local_domains
endpass

 

[gflamerich]

Nisse
Thank you very much!

 

[gflamerich]

Doesn't seems to be working properly....
Here is the log. We sent an email to test and had this at the mail log. Now, after accepting the sender as valid, rejects the local address ...

H=(mail.inwhitelist.net) [##.###.###.###] F=<[email protected]> rejected RCPT <[email protected]>

 

[nisse]

Ah, sorry about that - it's because of the way the "require" verb works. Give me a few minutes and I'll come up with something.

 

[nisse]

Ok, change it to this:

deny
  !verify   = sender/callout=5s,defer_ok
  !senders  = +whitelist_senders
  
accept domains = +local_domains
endpass

Something I missed the first time round; you also need to change this at the bottom:

check_message:
deny
  !verify   = header_sender
  !senders  = +whitelist_senders
accept

Hope this works!

 

[gflamerich]

Yes, it works!
Thanks again

 

[wkdwich]

You could do it like this in exim.conf:

addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders

I totally get the rest of this repair.. but is this line also being added to the exim conf file?? If so where??

 

[AlexAT]

Ok, change it to this:

deny
  !verify   = sender/callout=5s,defer_ok
  !senders  = +whitelist_senders
  
accept domains = +local_domains
endpass

Something I missed the first time round; you also need to change this at the bottom:

check_message:
deny
  !verify   = header_sender
  !senders  = +whitelist_senders
accept

Hope this works!

Does not work from my side.
1. I create whitelist_senders file in the /etc dir:

ls -l /etc/whitelist_senders 
-rw-r--r--    1 root     root           19 Aug 31 14:19 /etc/whitelist_senders

2. I put such instructions in the exim configuration via WHM.

Then my exim_mainlog contains the following:

2006-08-31 14:19:19 1GIkZr-0002CD-Tn unknown named address list "+whitelist_senders"
2006-08-31 14:19:22 1GIkZs-0002Cq-1D unknown named address list "+whitelist_senders"
2006-08-31 14:19:22 1GIkZq-0002Cm-L2 unknown named address list "+whitelist_senders"
2006-08-31 14:19:23 1GIkZu-0002Cp-ND unknown named address list "+whitelist_senders"
2006-08-31 14:19:24 1GIkZr-0002Co-Oi unknown named address list "+whitelist_senders"
2006-08-31 14:19:27 1GIkZx-0002Cz-Cp unknown named address list "+whitelist_senders"
...

Could you please advice, where the problem is?
Thank you.

 

[AlexAT]

I already found an answer.
I forgot to create alias:

addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders

Now all works like a charm.
Thank you !

 

[GPH]

Hi, I tried to implement this but got a syntax error on !senders = +whitelist_senders

Is there any info you require?


Thanks

 

[GPH]

Just tried again and still get the error...

error in ACL: unknown ACL verb in "!senders = +whitelist_senders"

And this is what i have in the config..

#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :

drop hosts = /etc/exim_deny
message = Connection denied after dictionary attack
log_message = Connection denied from $sender_host_address after dictionary attack
!hosts = /etc/exim_deny_whitelist
!hosts = +relay_hosts
!authenticated = *

drop message = Appears to be a dictionary attack
log_message = Dictionary attack (after $rcpt_fail_count failures)
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
!verify = recipient
!hosts = /etc/exim_deny_whitelist
!hosts = +relay_hosts
!authenticated = *

# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}


# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

#if it gets here it isn't mailman

#sender verifications are required for all messages that are not sent to lists

require verify = sender/callout
accept domains = +local_domains
endpass

#recipient verifications are required for all messages that are not sent to the local machine
#this was done at multiple users requests

message = "The recipient cannot be verified. $acl_verify_message"
verify = recipient

accept domains = +relay_domains : certapay.com

warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts

warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.


#!!# ACL that is used after the DATA command
check_message:
# Enabling this will make the server non-rfc compliant
# require verify = header_sender
accept

Thanks

 

[furquan]

Hi,

I am also getting the same error, and m not sure how to get this resolved :

2006-10-14 18:36:20 unknown named address list "+whitelist_senders"
2006-10-14 18:36:20 unknown named address list "+whitelist_senders"

Has any one found a solution yet ?


Thanks

 

[furquan]

I already found an answer.
I forgot to create alias:

addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders

Now all works like a charm.
Thank you !

Pardon my ignorance, But how did you create that alias. Where do i need to enter that ?

Thanks

 

[troubleshooter]

In the first section of your exim configuration file where all the other lists are declared. It's the first editable section in WHM.

Terry

 

[furquan]

Terry :

Thanks for the response. Reconfirm again .....

Is it the very first blank box in the Advnace mode of "Exim Configuration Editor"

Coz that is blank at the moment.

Thanks

 

[troubleshooter]

Yes, the very first section.

This is a sample of what I have in my first section.

## sender address lists
addresslist sender_whitelist= lsearch*@;/etc/exim/sender_whitelist
addresslist sender_blacklist= lsearch*@;/etc/exim/sender_blacklist

I have customized my configuration to use different lists for various things in my ACLs. The first section is where the lists are put and other types of customisations. You;d need to look at the exim docs to see what else can be customised there. Other sections of exim.conf (the ACLs) refer to the first section when I reference a list. You reference a list as +listname - example if I wanted to use /etc/exim/sender_whitelist I'd refer to it in an ACL as +sender_whitelist. If you haven't used any lists or customised anything else, it's not uncommon to have a blank first section.

Terry

 

[furquan]

Thanks a lot for your response Terry.

I had this issue for the whole last week...and i did not realise that the Alias was missing.

Thanks a lot.