The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sender Verification - checked or unchecked

Discussion in 'E-mail Discussions' started by pmignone, Jun 13, 2008.

  1. pmignone

    pmignone Registered

    Joined:
    Nov 19, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    What exactly is ** Sender Verification [?]

    Verifies that the domain mail purports to be coming from actually exists.
    In the EXIM Configuration Editor.
    How does it work?
    Does it contribute to Backscatter?
    Should it be checked?

    Thanks!
    Pete
     
  2. Branko

    Branko Active Member
    PartnerNOC

    Joined:
    Sep 16, 2005
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
  3. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Sender Verification and Sender Verification Callout are two different things. I turned on SV but disabled SVC. When I turned on SVC, I could not receive emails from Yahoo.
     
  4. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    I used to use SVC, which was good, though you would run into some issues.

    When cpanel upgraded with all of the ACLs at smtp, I don't seem to need SVC.
     
  5. pjmignone

    pjmignone Member

    Joined:
    Nov 19, 2007
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the info!
     
  6. pagchen

    pagchen Member

    Joined:
    Aug 19, 2007
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    what is the difference ?

    Could you explain what is the difference, because I solved a problem with a specific provider by turning SVC off, but now same problems starts again since SV is on (by default with CPanel upgrade I suppose).

    thanks
     
  7. jpetersen

    jpetersen Well-Known Member

    Joined:
    Dec 31, 2006
    Messages:
    113
    Likes Received:
    4
    Trophy Points:
    18
    With sender verify, a check is done to see if the domain of the sender actually exists. With sender verify callouts:

    1. A remote mailserver connects to your mailserver, to send you an email

    2. Before your mailserver accepts the email, it will connect back to the sending mailserver

    3. If successful, your mailserver will issue the SMTP commands up to the "rcpt to" stage (helo hostname, mail from:<>, rcpt to:<sender_email_address_from_step_1@example.com>), with the recipient email address set to that of the person sending you an email from step 1

    4. If the remote mailserver states that it is ok to send email to the recipient (that is, the email address attempting to send you an email - sender_email_address_from_step_1@example.com), then the sender from step 1 has been verified as being a valid email address. Otherwise, your server will not accept email from that sender.

    If you're having an issue with just sender verify on, but are not using callouts, it's likely a DNS issue where your server is having issues resolving the domain of the sender. This could be due to the sender's DNS being improperly configured, or your local resolvers not functioning properly, or any of a number of things mostly related to DNS.

    For what it's worth, I think sender verify callouts are a pain. Too many organizations don't actually send email from servers that accept email. Thus, the callout will fail when your server can't connect to the purported sending mailserver, which results in dropped mail. You can use whitelists for this on a case by case basis, but they're a hassle to maintain, especially during some cPanel updates.

    I haven't ever seen any issues with sender verification (where the domain of the sender is checked to see if it exists). If I did, the first place I'd look would be DNS. e.g., dig @nameservers example.com (where "nameservers" would be your local resolvers from /etc/resolv.conf).
     
  8. dusty_it

    dusty_it Registered

    Joined:
    Jul 14, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Well, what you are stating isn't correct. The callout is made to the MX server not the sending mailserver, so the MX must reply in some manner.
    It's true that many MX reply ok to ANY recipient, so in these cases the callout is useless.
    For someone callouts are abusive. Check this: http://www.backscatterer.org/?target=sendercallouts

     
  9. jpetersen

    jpetersen Well-Known Member

    Joined:
    Dec 31, 2006
    Messages:
    113
    Likes Received:
    4
    Trophy Points:
    18
    If the server sending the email is the MX record for the domain, then it is true that the recipient mailserver would be connecting back to the sending mailserver, correct? I understand what you are saying about the check being based on the MX record, and not necessarily the sending server itself (which would be a very flawed design since it would be trivially defeatable). Thanks for clarifying.
     
  10. dusty_it

    dusty_it Registered

    Joined:
    Jul 14, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    With callout enabled the receiving mailserver ALWAYS contacts the MX, no matter which is the sending server. This is normal, who can know about the existence of an address? Only the MX.

     
  11. jpetersen

    jpetersen Well-Known Member

    Joined:
    Dec 31, 2006
    Messages:
    113
    Likes Received:
    4
    Trophy Points:
    18
    Right - that's exactly what I was saying in response to your previous statement.
     
  12. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    The problem with the callouts are the email from non-people, like newsletters, forums, mailing lists.

    Many sites, let's say like NYTimes.com, send messages with non-existent reply addresses. So when your server callsout to them for verification, they say 'no such user here, leave me alone'.

    This leads to a bunch of unhappy subscribers who then blame you since the NYTimes must surely know what they are doing sending from non-existent addresses.
     
  13. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    What I do to get around this is create an email account (e.g. do-not-reply@) with a 1 mb quota. This way the account exists, but with such a small quota, wont be consuming many server resources if people do ignorantly reply to that address. Ever since I started doing this, I haven't had problems with people receiving emails from my scripts.
     
  14. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    Yes, well tell that to all the other Server Admins out there. :)
     
  15. omidi

    omidi Member

    Joined:
    Sep 7, 2008
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    hi
    i have same problem
    after cpanel auto update, peaple can not send email form my site with 127.0.0.1 ip(that means they put their email address and i get email from their email address) after update , pepole with gmail and yahoo email can not post form at my site, but when i unchek server verificaton , they can send, any one can help me? i need to chek this option on,
    thanks
     
Loading...

Share This Page