Omit Sender verify for certain mails?

[dev_cw]

summary of the instructions on this post

To help clear things up i have put all the instructions together, hope this helps.

1) Create a file that will be the actual whitelist. In this example it is /etc/whitelist_senders - the addresses need to be listed one entry per line, either the email address or use the wildcard to do an entire domain - *@domain.tld
To create the file:

touch /etc/whitelist_senders

2) in WHM, in the top most edit box add (if there is anything else in the text box add this bellow it):

addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders

3) still in WHM. scroll down to where there are three text boxes together. This is the begin ACL section. In the middle box scroll down until you find:

#sender verifications are required for all messages that are not sent to lists

require verify = sender/callout
accept domains = +local_domains
endpass

and change it to:

#sender verifications are required for all messages that are not sent to lists

[COLOR="Red"]deny
  !verify   = sender/callout
  !senders  = +whitelist_senders[/COLOR]
  
accept domains = +local_domains
endpass

4) still in the middle box scroll down to the end and change:

#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept

to this:

#!!# ACL that is used after the DATA command
check_message:
[COLOR="Red"]deny
  !verify   = header_sender
  !senders  = +whitelist_senders[/COLOR]
accept

5) Save and exit. Now try to send and receive email to make sure everything is still working. If all is ok add the address in question to the whitelist and see if it works.

Then put the sender addresses in the file /etc/whitelist_senders, one per line, e.g.

[email protected]
*@domain2.tld

 

[jameshsi]

What if the email address is *@mail2.abc.com and *@mail3.abc.com ....
Can I use *@mail*.abc.com ?

 

[RickG]

Can I use *@mail*.abc.com ?

Yes.
*.abc.com or *abc.com also accomplishes what you want.

 

[randomuser]

Just wanted to say thanks to everyone who contributed to this thread, especially dev_cw, whos instructions were extremely simple to follow and have been 100% confirmed to work, making one of my customers (and their customers) very happy. Thanks to all!

 

[mickalo]

This how-to by dev_cw works very well for sender/callouts and whitelistings. Set it up the other day, and no problems.

Thx's
Mickalo

 

[mickalo]

Still problems with this forum emails

seems we still can't receive any email notices from this forum. I find a ton of errors in our exim logs like this:

2007-02-10 05:38:07 H=(lightning.cpanel.net) [69.90.250.146]:58855 I=[64.246.58.87]:25 
sender verify defer for <[email protected]>: could not connect to 
lightning.cpanel.net [69.90.250.146]: Connection timed out

I've put the email address [email protected] in the sender/callout whitelist file, but still no emails come through. ran the email address through at http://dnsreport.com/ DNS reports and it also times out.

so what's the deal with the Cpanel forum here? Can't they get this setup correctly so people can receive email notices of critical threads that are being monitored ???

Any suggestions would be appreciated

Mickalo

 

[isputra]

I've put the email address [email protected] and [email protected] in the sender/callout whitelist file and have the same result as mickalo here.

So i add the IP where [email protected] came from (69.90.250.146) in the whitelist_from file.

Bingo !!! It works.

See http://forums.cpanel.net/showthread.php?t=62313 about whitelist_from file

 

[boxfan]

This still isn't working for me. I followed the instructions exactly, added the domain name to the whitelist and restarted Exim. I'm still seeing the following in my exim_mainlog

sender verify defer for <[email protected]>: Could not complete sender verify callout

In my whitelist I have the exact email address and *@domainname.com just to be sure. Each of these are on a separate line.

Any ideas?

 

[mickalo]

This still isn't working for me. I followed the instructions exactly, added the domain name to the whitelist and restarted Exim. I'm still seeing the following in my exim_mainlog

sender verify defer for <[email protected]>: Could not complete sender verify callout

In my whitelist I have the exact email address and *@domainname.com just to be sure. Each of these are on a separate line.

Any ideas?

if you followed this thread See http://forums.cpanel.net/showthread.php?t=62313 about whitelist file, you add the IP address not the domain. After applying this "whitelist" w/IP address that solved my problem, due to the sender/callout failure, and receiving email from this forum.

Mickalo

 

[boxfan]

Ok, I'll try that.

 

[Evolve]

Hi,

The last line in my ACL area says:

#!!# ACL that is used after the DATA command
check_message:
#  Enabling this will make the server non-rfc compliant
#  require verify = header_sender
  accept

I'm not sure it's safe for me to replace that with:

#!!# ACL that is used after the DATA command
check_message:
deny
  !verify   = header_sender
  !senders  = +whitelist_senders
accept

Any suggestion would be appreciated.

 

[Evolve]

I went ahead and made the changes, as suggested by my host provider, then checked my domain at www.dnsreport.com

Everything appears fine.

Thanks

 

[jamesbond]

Evolve, I didn't make that last change as it clearly states it makes the server non-rfc compliant.

Maybe someone else can comment on this?

 

[JIKOmetrix]

Hi,


I followed this copy:
http://yamzy.net/2007/3/19/whitelist-for-exim-sender-verify-callout.htm

anyone know why this would not work every time a white listed domain sends an email? I have a setup that worked for about a day then began denying email from a whitelisted domain. I have checked the setup and restarted exim a few times. still not working. but it did work.

Thanks,
Mike

 

[JIKOmetrix]

Hi,

I figures it out. I changed:

#!!# ACL that is used after the DATA command
check_message:
 deny
 !verify   = header_sender
 !senders  = +whitelist_senders
accept

to

#!!# ACL that is used after the DATA command
check_message:
#  deny
#  !verify   = header_sender
#  !senders  = +whitelist_senders
accept

And now it works properly. The :

!verify = header_sender

made the email server not be RFC compliant.

Thanks,
Mike

 

[cmdln]

JIKOmetrix:
That appears to just disable your rule.

 

[JIKOmetrix]

JIKOmetrix:
That appears to just disable your rule.

Only in the data portion. I do not want to perform a header check.

Mike

 

[cmdln]

Im thinking

deny
    !verify   = sender/callout=5s,defer_ok
    !senders = +whitelist_senders
accept  domains = +local_domains

needs to go just after the [% ACL_RBL_BLOCK %]
in cpanel 11

sound right?

 

[JIKOmetrix]

Im thinking

deny
    !verify   = sender/callout=5s,defer_ok
    !senders = +whitelist_senders
accept  domains = +local_domains

needs to go just after the [% ACL_RBL_BLOCK %]
in cpanel 11

sound right?

Hi,

Yes. Here is a link that sums this thing all up:

http://www.mbrando.com/2007/05/11/white-list-for-exim-sender-verify-callout/

Mike

 

[trevHCS]

I was wondering if anyone else has found that implementing the whitelisting as summarised in the link above stops Spam Assasin from working until you revert back?

It took me a while to figure out why I was getting spams as there are pretty infrequent mainly due to callout, but we need to bypass that for AOL as there are problems there (them blocking us and thus not answering our callouts).

Exim config should just be whatever WHM installed except for the above tweaks so I'd guess this should happen to a lot of people? I can't see anything different from that to the individual bits shown throughout this thread.

WHM 11.2.0, cPanel 11.6.0-R15076, Exim 4.

Trev