The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Omit Sender verify for certain mails?

Discussion in 'E-mail Discussions' started by gflamerich, Oct 17, 2005.

  1. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    Hi
    This should sound extrange, but we have a client who needs to receive emails from a couple of addresses that doesn't pass sender verification.
    We alredy tryed to talk to the other end to correct the problem, but there are huge Companies and wont' change their policy ..... so here we are......
    We have sender verification activated (and want to keep it htat way), so want to know if its possible to bypass sender verification for some addresses. Don't know witch is better, a whole domain, IP address, individual email address, but at this point, any option may help.
    Thanks
     
  2. nisse

    nisse Well-Known Member

    Joined:
    Nov 11, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    You could do it like this in exim.conf:

    addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders

    Then put the sender addresses in the file /etc/whitelist_senders, one per line, e.g.

    someone@domain1.tld
    *@domain2.tld

    Then add the following line to your sender verify statement:

    !senders = +whitelist_senders
     
  3. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    Thank you for you reply,
    Could you be so kind and be a little more spcecific on where should I put the
    !senders = +whitelist_senders

    Here is our config

    #!!# ACL that is used after the RCPT command
    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.
    accept hosts = :

    # Always accept mail to postmaster & abuse for any local domain
    accept domains = +local_domains
    local_parts = postmaster:abuse

    # Accept bounces to lists even if callbacks or other checks would fail
    warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
    condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
    {yes}{no}}

    accept condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
    {yes}{no}}


    # Accept bounces to lists even if callbacks or other checks would fail
    warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
    condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
    {yes}{no}}

    accept condition = \
    ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
    {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
    {yes}{no}}

    #if it gets here it isn't mailman

    #sender verifications are required for all messages that are not sent to lists

    require verify = sender/callout=5s,defer_ok
    accept domains = +local_domains
    endpass

    #recipient verifications are required for all messages that are not sent to the local machine
    #this was done at multiple users requests

    message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
    verify = recipient

    accept domains = +relay_domains

    warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
    hosts = +relay_hosts
    accept hosts = +relay_hosts

    warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
    condition = ${perl{checkrelayhost}{$sender_host_address}}
    accept condition = ${perl{checkrelayhost}{$sender_host_address}}

    accept hosts = +auth_relay_hosts
    endpass
    message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.
    authenticated = *

    deny message = $sender_fullhost is currently not permitted to \
    relay through this server. Perhaps you \
    have not logged into the pop/imap server in the \
    last 30 minutes or do not have SMTP Authentication turned on in your email client.


    #!!# ACL that is used after the DATA command
    check_message:
    require verify = header_sender
    accept
     
  4. nisse

    nisse Well-Known Member

    Joined:
    Nov 11, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    It should go here:

    Code:
    #sender verifications are required for all messages that are not sent to lists
    
    require verify   = sender/callout=5s,defer_ok
            !senders = +whitelist_senders
    
    accept domains = +local_domains
    endpass
     
  5. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    Nisse
    Thank you very much!
     
  6. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    Doesn't seems to be working properly....
    Here is the log. We sent an email to test and had this at the mail log. Now, after accepting the sender as valid, rejects the local address ...

    H=(mail.inwhitelist.net) [##.###.###.###] F=<adress@inwhitelist.com> rejected RCPT <valid@emailaccount.net>
     
  7. nisse

    nisse Well-Known Member

    Joined:
    Nov 11, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Ah, sorry about that - it's because of the way the "require" verb works. Give me a few minutes and I'll come up with something.
     
  8. nisse

    nisse Well-Known Member

    Joined:
    Nov 11, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Ok, change it to this:

    Code:
    deny
      !verify   = sender/callout=5s,defer_ok
      !senders  = +whitelist_senders
      
    accept domains = +local_domains
    endpass
    Something I missed the first time round; you also need to change this at the bottom:

    Code:
    check_message:
    deny
      !verify   = header_sender
      !senders  = +whitelist_senders
    accept
    Hope this works! :)
     
  9. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    Yes, it works!
    Thanks again
     
  10. wkdwich

    wkdwich Well-Known Member

    Joined:
    Apr 11, 2005
    Messages:
    105
    Likes Received:
    0
    Trophy Points:
    16
    I totally get the rest of this repair.. but is this line also being added to the exim conf file?? If so where??
     
  11. AlexAT

    AlexAT Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ukraine
    cPanel Access Level:
    Root Administrator
    Does not work from my side.
    1. I create whitelist_senders file in the /etc dir:
    Code:
    ls -l /etc/whitelist_senders 
    -rw-r--r--    1 root     root           19 Aug 31 14:19 /etc/whitelist_senders
    2. I put such instructions in the exim configuration via WHM.

    Then my exim_mainlog contains the following:
    Code:
    2006-08-31 14:19:19 1GIkZr-0002CD-Tn unknown named address list "+whitelist_senders"
    2006-08-31 14:19:22 1GIkZs-0002Cq-1D unknown named address list "+whitelist_senders"
    2006-08-31 14:19:22 1GIkZq-0002Cm-L2 unknown named address list "+whitelist_senders"
    2006-08-31 14:19:23 1GIkZu-0002Cp-ND unknown named address list "+whitelist_senders"
    2006-08-31 14:19:24 1GIkZr-0002Co-Oi unknown named address list "+whitelist_senders"
    2006-08-31 14:19:27 1GIkZx-0002Cz-Cp unknown named address list "+whitelist_senders"
    ...
    
    Could you please advice, where the problem is?
    Thank you.
     
  12. AlexAT

    AlexAT Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ukraine
    cPanel Access Level:
    Root Administrator
    I already found an answer.
    I forgot to create alias:
    Code:
    addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders
    Now all works like a charm.
    Thank you !
     
  13. GPH

    GPH Member

    Joined:
    May 15, 2006
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hi, I tried to implement this but got a syntax error on !senders = +whitelist_senders

    Is there any info you require?


    Thanks
     
  14. GPH

    GPH Member

    Joined:
    May 15, 2006
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Just tried again and still get the error...


    And this is what i have in the config..


    Thanks
     
  15. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    I am also getting the same error, and m not sure how to get this resolved :


    Has any one found a solution yet ?


    Thanks
     
  16. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16

    Pardon my ignorance, But how did you create that alias. Where do i need to enter that ?

    Thanks
     
  17. troubleshooter

    Joined:
    Feb 22, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    In the first section of your exim configuration file where all the other lists are declared. It's the first editable section in WHM.

    Terry
     
  18. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16
    Terry :

    Thanks for the response. Reconfirm again .....

    Is it the very first blank box in the Advnace mode of "Exim Configuration Editor"

    Coz that is blank at the moment.

    Thanks
     
  19. troubleshooter

    Joined:
    Feb 22, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Yes, the very first section.

    This is a sample of what I have in my first section.

    Code:
    ## sender address lists
    addresslist sender_whitelist= lsearch*@;/etc/exim/sender_whitelist
    addresslist sender_blacklist= lsearch*@;/etc/exim/sender_blacklist
    
    
    I have customized my configuration to use different lists for various things in my ACLs. The first section is where the lists are put and other types of customisations. You;d need to look at the exim docs to see what else can be customised there. Other sections of exim.conf (the ACLs) refer to the first section when I reference a list. You reference a list as +listname - example if I wanted to use /etc/exim/sender_whitelist I'd refer to it in an ACL as +sender_whitelist. If you haven't used any lists or customised anything else, it's not uncommon to have a blank first section.

    Terry
     
  20. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16
    Thanks a lot for your response Terry.

    I had this issue for the whole last week...and i did not realise that the Alias was missing.

    Thanks a lot.
     
Loading...

Share This Page