Omit Sender verify for certain mails?

dev_cw

Well-Known Member
Jun 30, 2004
59
1
158
summary of the instructions on this post

To help clear things up i have put all the instructions together, hope this helps.

1) Create a file that will be the actual whitelist. In this example it is /etc/whitelist_senders - the addresses need to be listed one entry per line, either the email address or use the wildcard to do an entire domain - *@domain.tld
To create the file:
Code:
touch /etc/whitelist_senders

2) in WHM, in the top most edit box add (if there is anything else in the text box add this bellow it):
Code:
addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders
3) still in WHM. scroll down to where there are three text boxes together. This is the begin ACL section. In the middle box scroll down until you find:
Code:
#sender verifications are required for all messages that are not sent to lists

require verify = sender/callout
accept domains = +local_domains
endpass
and change it to:
Code:
#sender verifications are required for all messages that are not sent to lists

[COLOR="Red"]deny
  !verify   = sender/callout
  !senders  = +whitelist_senders[/COLOR]
  
accept domains = +local_domains
endpass
4) still in the middle box scroll down to the end and change:
Code:
#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept
to this:
Code:
#!!# ACL that is used after the DATA command
check_message:
[COLOR="Red"]deny
  !verify   = header_sender
  !senders  = +whitelist_senders[/COLOR]
accept
5) Save and exit. Now try to send and receive email to make sure everything is still working. If all is ok add the address in question to the whitelist and see if it works.

Then put the sender addresses in the file /etc/whitelist_senders, one per line, e.g.

[email protected]
*@domain2.tld
 
  • Like
Reactions: randomuser

jameshsi

Well-Known Member
Oct 22, 2001
347
0
316
What if the email address is *@mail2.abc.com and *@mail3.abc.com ....
Can I use *@mail*.abc.com ?
 

randomuser

Well-Known Member
Jun 25, 2005
146
0
166
Just wanted to say thanks to everyone who contributed to this thread, especially dev_cw, whos instructions were extremely simple to follow and have been 100% confirmed to work, making one of my customers (and their customers) very happy. Thanks to all!
 

mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
Still problems with this forum emails

seems we still can't receive any email notices from this forum. I find a ton of errors in our exim logs like this:
Code:
2007-02-10 05:38:07 H=(lightning.cpanel.net) [69.90.250.146]:58855 I=[64.246.58.87]:25 
sender verify defer for <[email protected]>: could not connect to 
lightning.cpanel.net [69.90.250.146]: Connection timed out
I've put the email address [email protected] in the sender/callout whitelist file, but still no emails come through. ran the email address through at http://dnsreport.com/ DNS reports and it also times out.

so what's the deal with the Cpanel forum here? Can't they get this setup correctly so people can receive email notices of critical threads that are being monitored ??? :mad:

Any suggestions would be appreciated :)

Mickalo
 

boxfan

Member
Feb 22, 2007
8
0
151
This still isn't working for me. I followed the instructions exactly, added the domain name to the whitelist and restarted Exim. I'm still seeing the following in my exim_mainlog

sender verify defer for <[email protected]>: Could not complete sender verify callout

In my whitelist I have the exact email address and *@domainname.com just to be sure. Each of these are on a separate line.

Any ideas?
 

mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
This still isn't working for me. I followed the instructions exactly, added the domain name to the whitelist and restarted Exim. I'm still seeing the following in my exim_mainlog

sender verify defer for <[email protected]>: Could not complete sender verify callout

In my whitelist I have the exact email address and *@domainname.com just to be sure. Each of these are on a separate line.

Any ideas?
if you followed this thread See http://forums.cpanel.net/showthread.php?t=62313 about whitelist file, you add the IP address not the domain. After applying this "whitelist" w/IP address that solved my problem, due to the sender/callout failure, and receiving email from this forum.

Mickalo
 

Evolve

Well-Known Member
Jan 31, 2007
47
0
156
Hi,

The last line in my ACL area says:

Code:
#!!# ACL that is used after the DATA command
check_message:
#  Enabling this will make the server non-rfc compliant
#  require verify = header_sender
  accept

I'm not sure it's safe for me to replace that with:

Code:
#!!# ACL that is used after the DATA command
check_message:
deny
  !verify   = header_sender
  !senders  = +whitelist_senders
accept
Any suggestion would be appreciated.
 

jamesbond

Well-Known Member
Oct 9, 2002
737
1
168
Evolve, I didn't make that last change as it clearly states it makes the server non-rfc compliant.

Maybe someone else can comment on this?
 

JIKOmetrix

Well-Known Member
Apr 3, 2007
185
37
178
Hi,

I figures it out. I changed:

Code:
#!!# ACL that is used after the DATA command
check_message:
 deny
 !verify   = header_sender
 !senders  = +whitelist_senders
accept
to

Code:
#!!# ACL that is used after the DATA command
check_message:
#  deny
#  !verify   = header_sender
#  !senders  = +whitelist_senders
accept
And now it works properly. The :

!verify = header_sender

made the email server not be RFC compliant.

Thanks,
Mike
 

cmdln

Active Member
Mar 17, 2007
27
0
151
Im thinking
Code:
deny
    !verify   = sender/callout=5s,defer_ok
    !senders = +whitelist_senders
accept  domains = +local_domains
needs to go just after the [% ACL_RBL_BLOCK %]
in cpanel 11

sound right?
 

trevHCS

Well-Known Member
Nov 1, 2003
69
1
158
I was wondering if anyone else has found that implementing the whitelisting as summarised in the link above stops Spam Assasin from working until you revert back?

It took me a while to figure out why I was getting spams as there are pretty infrequent mainly due to callout, but we need to bypass that for AOL as there are problems there (them blocking us and thus not answering our callouts).

Exim config should just be whatever WHM installed except for the above tweaks so I'd guess this should happen to a lot of people? I can't see anything different from that to the individual bits shown throughout this thread.

WHM 11.2.0, cPanel 11.6.0-R15076, Exim 4.

Trev