Sender callout - RFC

Discussion in 'General Discussion' started by sparek-3, Dec 23, 2006.

  1. sparek-3

    Lately we have been receiving some complaints regarding the use of sender callouts to verify mail senders for incoming mail. This has gotten me to wonder, does the envelope sender (i.e. the address specified in the MAIL FROM stage) have to be a valid e-mail address on that host? This is the address that is checked when doing a sender callout, correct? I'm just curious as to whether this address has to be valid. Is there any RFC standard that says that joe@bob.com must be a valid e-mail address on the bob.com mail server?

    I did try to search through the RFCs, but could not find anything that answers this (albeit, I may not have been looking in the right place). I'm just wondering if anyone knows this for sure. If the envelope sender does not have to be valid, then it would seem that doing sender callouts would be going against RFC standards.

    Thanks
     
  2. AndyReed

    Even though the practice of using callouts is RFC compliant, in the real world you will run into issues with undelivered email from legitimate users.

    This article gives a good overview of potential problems you may run into while using "callouts to verify the existence of email senders":

    http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/smtpchecks.html#callback

    When our clients enabled callouts, the mail server rejected messages from several major Web sites, including a domain of a well-known business - their mail server was sending messages with an invalid return address. Clearly, it is their fault for being RFC ignorant, but unfortunately this is not uncommon these days.

    Also keep in mind that some administrators (who think they know it all) have set up their email servers to reject "RCPT TO:" requests if the envelope sender address is blank. This will result in your callouts being rejected if you are using Exim's default configuration. (In any case, rejecting a blank sender is a violation of RFC.) Technically speaking, unlike the old argument about RBL usage, the sender's "RFC ignorance" gives you a clear moral right to reject email messages from them.

    It is up to you to decide whether you want to noticeably decrease the amount of incoming spam, or to save yourself from otherwise unavoidable and time-consuming problems. It is a catch 22 :)
     
  3. mctDarren

    Shame on Bank of America for being one of the big firms not in line to accept this. We had a client who gets sale confirmations from them regarding electronic money transfers. The emails are sent from a non-existent address on a server that simply drops any call back attempts. Emails to their IT department have gone unanswered.

    Ignorance regarding email like this only contributes to the spam problem. Unfortunately, admins can sometimes be "Bob, the guy who one day fixed the printer and found himself promoted." :|
     
  4. sparek-3

    The non-existent address problem is what I am referring to. I'm not sure if what Bank of America is doing is actually illegal per se in terms of RFC compliance in regards to this (if they are dropping call back attempts then that is another story).

    If the mail transaction sent from Bank of America uses an envelope sender of:

    MAIL FROM: <ted@bankofamerica.com>

    If ted@bankofamerica.com is not a valid e-mail address, then I'm still not sure if this is invalid. The sender callout will fail if it is not a valid e-mail address, but does the MAIL FROM have to be a valid e-mail address?

    The link that AndyReed posted may answer some of that, I haven't checked the link yet.

    As far as standards compliance goes, I like to think that I keep our servers as close to standards compliance as possible. I won't say that they are following all standards. However, if I'm not following a standard then in my opinion it makes it difficult for me to demand that other mail servers follow standards. For example, if the MAIL FROM does not have to be a valid e-mail address, but because of the sender callouts that are set up on our servers the message is rejected anyway, this makes it difficult to point the finger at some other server for rejecting mail from the null sender (violating RFC 1123) when I myself am not following standards. Of course, this still doesn't mean that a server that rejects the null sender should be given a free pass either.
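
The callout outcomes discussed in the posts above (nonexistent envelope sender, refused null sender, dropped callback), as an added example that is not part of the original thread and is not Exim's own logic. The dialogues, host names and the `classify` function are constructed for illustration; the mapping from reply code to outcome is an assumption about how a receiving server would sort these cases.

```python
from enum import Enum

class Callout(Enum):
    VERIFIED = "remote MX accepted the envelope sender as a recipient"
    BAD_SENDER = "remote MX rejected the envelope sender (5xx on RCPT TO)"
    NULL_REFUSED = "remote MX refused the null sender (5xx on MAIL FROM:<>)"
    DEFER = "temporary 4xx reply, result unknown"
    NO_ANSWER = "connection dropped, timed out or refused before RCPT TO"

def classify(replies):
    """Classify one callout from its (command, reply_code) pairs.
    reply_code is None when the remote side dropped or never answered."""
    for command, code in replies:
        verb = command.upper()
        if code is None:
            return Callout.NO_ANSWER
        if 400 <= code < 500:
            return Callout.DEFER
        if code >= 500:
            if verb.startswith("MAIL FROM:<>"):
                return Callout.NULL_REFUSED
            if verb.startswith("RCPT TO:"):
                return Callout.BAD_SENDER
            return Callout.NO_ANSWER      # greeting or HELO refused
        if verb.startswith("RCPT TO:"):
            return Callout.VERIFIED       # 2xx reply to RCPT TO
    return Callout.NO_ANSWER              # dialogue ended before RCPT TO

# Constructed sample dialogues: the callout connects to the sender's MX,
# uses the null sender, and offers the envelope sender as the recipient.
OPENING = [("CONNECT", 220), ("HELO mx.receiver.example", 250)]
RCPT = "RCPT TO:<ted@sender.example>"
SAMPLES = {
    "valid sender": OPENING + [("MAIL FROM:<>", 250), (RCPT, 250)],
    "nonexistent sender": OPENING + [("MAIL FROM:<>", 250), (RCPT, 550)],
    "null sender refused": OPENING + [("MAIL FROM:<>", 550)],
    "greylisted": OPENING + [("MAIL FROM:<>", 250), (RCPT, 451)],
    "callback dropped": [("CONNECT", None)],
}

def run_samples():
    return {name: classify(dialogue) for name, dialogue in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:20} {result.name:13} {result.value}")
```

Keeping "null sender refused" and "callback dropped" separate from "nonexistent sender" lets the receiving side log which remote hosts break callouts without treating every failure as a forged address.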
     
  5. mctDarren

    I haven't either but will when I get a chance. In our case, the email was in fact sent from an invalid address, the mail-from and the envelope-from are the same. We worked around it, so no biggie, just a pain.
     
  6. sebby

    I had to disable callouts to receive email notifications from this very Forum!

    :)
     
  7. mickalo

    Yes, we also had to disable it. We found that almost every support forum I visit and use, I couldn't receive any email unless I disabled the sender/callout in Exim. I found that to be quite interesting :)

    Mickalo
     