Omit Sender verify for certain mails?

gflamerich · Oct 17, 2005

Hi
This should sound extrange, but we have a client who needs to receive emails from a couple of addresses that doesn't pass sender verification.
We alredy tryed to talk to the other end to correct the problem, but there are huge Companies and wont' change their policy ..... so here we are......
We have sender verification activated (and want to keep it htat way), so want to know if its possible to bypass sender verification for some addresses. Don't know witch is better, a whole domain, IP address, individual email address, but at this point, any option may help.
Thanks

nisse · Oct 17, 2005

You could do it like this in exim.conf:

addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders

Then put the sender addresses in the file /etc/whitelist_senders, one per line, e.g.

someone@domain1.tld
*@domain2.tld

Then add the following line to your sender verify statement:

!senders = +whitelist_senders

gflamerich · Oct 17, 2005

Thank you for you reply,
Could you be so kind and be a little more spcecific on where should I put the
!senders = +whitelist_senders

Here is our config

#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :

# Always accept mail to postmaster & abuse for any local domain
accept domains = +local_domains
local_parts = postmaster:abuse

# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

#if it gets here it isn't mailman

#sender verifications are required for all messages that are not sent to lists

require verify = sender/callout=5s,defer_ok
accept domains = +local_domains
endpass

#recipient verifications are required for all messages that are not sent to the local machine
#this was done at multiple users requests

message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
verify = recipient

accept domains = +relay_domains

warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts

warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.

#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept

nisse · Oct 17, 2005

It should go here:

Code:

#sender verifications are required for all messages that are not sent to lists

require verify   = sender/callout=5s,defer_ok
        !senders = +whitelist_senders

accept domains = +local_domains
endpass

gflamerich · Oct 17, 2005

Nisse
Thank you very much!

gflamerich · Oct 17, 2005

Doesn't seems to be working properly....
Here is the log. We sent an email to test and had this at the mail log. Now, after accepting the sender as valid, rejects the local address ...

H=(mail.inwhitelist.net) [##.###.###.###] F=<adress@inwhitelist.com> rejected RCPT <valid@emailaccount.net>

nisse · Oct 17, 2005

Ah, sorry about that - it's because of the way the "require" verb works. Give me a few minutes and I'll come up with something.

nisse · Oct 17, 2005

Ok, change it to this:
Code:
deny
  !verify   = sender/callout=5s,defer_ok
  !senders  = +whitelist_senders
  
accept domains = +local_domains
endpass
Something I missed the first time round; you also need to change this at the bottom:
Code:
check_message:
deny
  !verify   = header_sender
  !senders  = +whitelist_senders
accept
Hope this works!

gflamerich · Oct 17, 2005

Yes, it works!
Thanks again

wkdwich · Aug 14, 2006

nisse said:

You could do it like this in exim.conf:

addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders
Click to expand...

I totally get the rest of this repair.. but is this line also being added to the exim conf file?? If so where??

AlexAT · Aug 31, 2006

nisse said:
Ok, change it to this:
Code:
deny
  !verify   = sender/callout=5s,defer_ok
  !senders  = +whitelist_senders
  
accept domains = +local_domains
endpass
Something I missed the first time round; you also need to change this at the bottom:
Code:
check_message:
deny
  !verify   = header_sender
  !senders  = +whitelist_senders
accept
Hope this works!
Click to expand...
Does not work from my side.
1. I create whitelist_senders file in the /etc dir:
Code:
ls -l /etc/whitelist_senders 
-rw-r--r--    1 root     root           19 Aug 31 14:19 /etc/whitelist_senders
2. I put such instructions in the exim configuration via WHM.

Then my exim_mainlog contains the following:
Code:
2006-08-31 14:19:19 1GIkZr-0002CD-Tn unknown named address list "+whitelist_senders"
2006-08-31 14:19:22 1GIkZs-0002Cq-1D unknown named address list "+whitelist_senders"
2006-08-31 14:19:22 1GIkZq-0002Cm-L2 unknown named address list "+whitelist_senders"
2006-08-31 14:19:23 1GIkZu-0002Cp-ND unknown named address list "+whitelist_senders"
2006-08-31 14:19:24 1GIkZr-0002Co-Oi unknown named address list "+whitelist_senders"
2006-08-31 14:19:27 1GIkZx-0002Cz-Cp unknown named address list "+whitelist_senders"
...
Could you please advice, where the problem is?
Thank you.

AlexAT · Aug 31, 2006

I already found an answer.
I forgot to create alias:
Code:
addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders
Now all works like a charm.
Thank you !

GPH · Sep 16, 2006

Hi, I tried to implement this but got a syntax error on !senders = +whitelist_senders

Is there any info you require?

Thanks

GPH · Sep 17, 2006

Just tried again and still get the error...

error in ACL: unknown ACL verb in "!senders = +whitelist_senders"
Click to expand...

And this is what i have in the config..

#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :

drop hosts = /etc/exim_deny
message = Connection denied after dictionary attack
log_message = Connection denied from $sender_host_address after dictionary attack
!hosts = /etc/exim_deny_whitelist
!hosts = +relay_hosts
!authenticated = *

drop message = Appears to be a dictionary attack
log_message = Dictionary attack (after $rcpt_fail_count failures)
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
!verify = recipient
!hosts = /etc/exim_deny_whitelist
!hosts = +relay_hosts
!authenticated = *

# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

#if it gets here it isn't mailman

#sender verifications are required for all messages that are not sent to lists

require verify = sender/callout
accept domains = +local_domains
endpass

#recipient verifications are required for all messages that are not sent to the local machine
#this was done at multiple users requests

message = "The recipient cannot be verified. $acl_verify_message"
verify = recipient

accept domains = +relay_domains : certapay.com

warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts

warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.

#!!# ACL that is used after the DATA command
check_message:
# Enabling this will make the server non-rfc compliant
# require verify = header_sender
accept
Click to expand...

Thanks

furquan · Oct 15, 2006

Hi,

I am also getting the same error, and m not sure how to get this resolved :

2006-10-14 18:36:20 unknown named address list "+whitelist_senders"
2006-10-14 18:36:20 unknown named address list "+whitelist_senders"
Click to expand...

Has any one found a solution yet ?

Thanks

furquan · Oct 15, 2006

AlexAT said:
I already found an answer.
I forgot to create alias:
Code:
addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders
Now all works like a charm.
Thank you !
Click to expand...
Pardon my ignorance, But how did you create that alias. Where do i need to enter that ?

Thanks

troubleshooter · Oct 15, 2006

In the first section of your exim configuration file where all the other lists are declared. It's the first editable section in WHM.

Terry

furquan · Oct 15, 2006

Terry :

Thanks for the response. Reconfirm again .....

Is it the very first blank box in the Advnace mode of "Exim Configuration Editor"

Coz that is blank at the moment.

Thanks

troubleshooter · Oct 15, 2006

Yes, the very first section.

This is a sample of what I have in my first section.
Code:
## sender address lists
addresslist sender_whitelist= lsearch*@;/etc/exim/sender_whitelist
addresslist sender_blacklist= lsearch*@;/etc/exim/sender_blacklist
I have customized my configuration to use different lists for various things in my ACLs. The first section is where the lists are put and other types of customisations. You;d need to look at the exim docs to see what else can be customised there. Other sections of exim.conf (the ACLs) refer to the first section when I reference a list. You reference a list as +listname - example if I wanted to use /etc/exim/sender_whitelist I'd refer to it in an ACL as +sender_whitelist. If you haven't used any lists or customised anything else, it's not uncommon to have a blank first section.

Terry

furquan · Oct 15, 2006

Thanks a lot for your response Terry.

I had this issue for the whole last week...and i did not realise that the Alias was missing.

Thanks a lot.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Omit Sender verify for certain mails?

gflamerich Well-Known Member

nisse Well-Known Member

gflamerich Well-Known Member

nisse Well-Known Member

gflamerich Well-Known Member

gflamerich Well-Known Member

nisse Well-Known Member

nisse Well-Known Member

gflamerich Well-Known Member

wkdwich Well-Known Member

AlexAT Well-Known Member
PartnerNOC

AlexAT Well-Known Member
PartnerNOC

GPH Member

GPH Member

furquan Well-Known Member

furquan Well-Known Member

troubleshooter Member

furquan Well-Known Member

troubleshooter Member

furquan Well-Known Member

New Thread Email authentication not working with local sender

Mail delivery failed: returning message to sender

Remote server can't resolve email sender domain

Sender verify failed

Wrong sender user in Mail Delivery Reports

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Omit Sender verify for certain mails?

gflamerich Well-Known Member

nisse Well-Known Member

gflamerich Well-Known Member

nisse Well-Known Member

gflamerich Well-Known Member

gflamerich Well-Known Member

nisse Well-Known Member

nisse Well-Known Member

gflamerich Well-Known Member

wkdwich Well-Known Member

AlexAT Well-Known Member PartnerNOC

AlexAT Well-Known Member PartnerNOC

GPH Member

GPH Member

furquan Well-Known Member

furquan Well-Known Member

troubleshooter Member

furquan Well-Known Member

troubleshooter Member

furquan Well-Known Member

New Thread Email authentication not working with local sender

Mail delivery failed: returning message to sender

Remote server can't resolve email sender domain

Sender verify failed

Wrong sender user in Mail Delivery Reports

Share This Page

AlexAT Well-Known Member
PartnerNOC

AlexAT Well-Known Member
PartnerNOC