Sender Verify Callout - how to make an exception for a specific email address.

[martin MHC]

I have a client who is complaining because a specific email address is being blocked at our end by the server presenting "Could not complete sender verify callout " and I find this is due to the sender being "null" and this is apparently a callout condition for Exim.

So, what I would like to do is to add an exception to sender verify callout for the specific single email address that this client wants to receive from. I do not want to turn off sender verify callout as the spam load on the server is already enough, I don't want more.

How do I make an exception on the sender verify callout for a specific email address?

Exim Version 4.95

 

[martin MHC]

In the Exim advanced editer on WHM I can add an IP address of exceptions that shouldn't ask for verify callouts so this should work, fingers crossed.

 

[cPRex]

Let us know!

 

[rbairwell]

I have a client who is complaining because a specific email address is being blocked at our end by the server presenting "Could not complete sender verify callout " and I find this is due to the sender being "null" and this is apparently a callout condition for Exim.

Can you just clarify:
1) Where the email is being generated/sent from? Is it a script on your server, a customer of yours using an email client which is using your server as their web host/email host, somebody external to your server?
2) Where the email should be going? Should it be going to an external email provider (such as gmail or another webhost), staying local to that user's web hosting account on your server, going to another hosting account on your server or something else?
3) What the email address (FROM) and the destination (RCPT) email addresses "look like". Please feel free to substitute in myserver.example/myserver.tld example.com/example.net etc for the real domain names. I'm under the impression it's going from something like [email protected] to [email protected] : is that correct?

 

[martin MHC]

@rbairwell

1) Email is coming in from an external source.

2) Email should be coming in to an email account on our server.

3) FROM looks like [email protected] and RCPT looks like [email protected]

I resolved the issue by bypassing the Exim check using exclusion of the sending IP block.

 

[rbairwell]

At a guess then, I would assume the sending host does not have an MX record setup on their domain and their primary server on the hostname doesn't accept mail - therefore when your server is trying to do the verify sender callout. In layman's terms - the email address the email is claiming to be from - [email protected] - can't receive email (which would make some sense regarding the "null" comment) - see the Exim documentation for details. (Btw, there is a special "null" email address which is <> which I wanted to confirm wasn't the case).

You probably have the following in your /var/ log/exim_rejectlog:

2022-10-xx xx:44:xx H=(test.external.com) [xxxx::]:39972 sender verify fail for < [email protected] >: The mail server does not recognize [email protected] as a valid sender.
2022-10-xx xx:44:xx H=(test.external.com) [xxxxx::]:39972 F=< [email protected] > rejected RCPT < [email protected]> : Sender verify failed

which would indicate that external.com is not capable of receiving emails.

If the sender sets up external.com correctly with an MX host (Exim won't actually check if the email address itself exists, just that the hostname accepts email) - this will solve their problem (it isn't actually your problem) - they are probably also having delivery issues to Office365 accounts amongst others as they technically breach the RFC for email (as by sounds of things they have a "null/invalid return-path" aka the "from" email address)

Finally you could just add their email IP address to /etc/senderverifybypasshosts

 

[martin MHC]

@rbairwell Yes I have ended up having to add their various sender IP blocks to the bypass list.