The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sender verify failed - Me or Them?

Discussion in 'General Discussion' started by SonServers, Oct 24, 2006.

  1. SonServers

    SonServers Well-Known Member

    Joined:
    Oct 24, 2001
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    Hi, I have a local user that can not receive mail from a remote user on another system.

    Judging by this log, is my server not liking theirs, or is it theirs rejecting the verification? I'm not sure which it is.

    2006-10-24 14:53:12 H=(Mail1.remotehost.com) [remoteip] sender verify fail for <user@remotehost.com>: response to "RCPT TO:<user@remotehost.com>" from remotehost.com.abcd.efgh.com [otherremoteip] was: 500 Reject: previous Mail From command was invalid

    2006-10-24 14:53:12 H=(Mail1.remotehost.com) [remoteip] F=<user@remotehost.com> rejected RCPT <myuser@localhost.com>: Sender verify failed


    To me it almost looks like their server does not like the format my server is using for the sender verify. The main thing I'm trying to figure out is if the problem is at my server or theirs.
     
  2. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    In simple terms ...

    Your server:

    - is rejecting the inbound mail from user@remotehost.com
    - addressed to myuser@localhost.com
    - because your server cannot verify that user@remotehost.com is a valid sender (or remotehost.com is a valid domain, depending on how you have sender verify set).

    An earlier post in this thread may be helpful as well as link
    http://forums.cpanel.net/showpost.php?p=271595&postcount=4

    Hope this helps -
     
  3. SonServers

    SonServers Well-Known Member

    Joined:
    Oct 24, 2001
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    Thanks Rick,

    I understand the verify didn't complete, but I was trying to figure out why, as I know the address is valid (they can send to, and receive from it from other services). It looks to me like when my server is trying to verify the address, their server is saying:
    500 Reject: previous Mail From command was invalid

    I guess I'm wondering if my server is sending out an "invalid Mail From command" in the verification process or if it is likely a config issue on their end and that message doesn't really mean anything.

    I had tried to set up the verify whitelist but it wasn't working. I've since entered their domain a couple more times in the whitelist file in different formats and I'm waiting for them to test it. I was able to send a message from another server with the "from" address set to something@theirdomain.com and the server didn't try to verify it so maybe the whitelisting will work now.

    Thanks again.
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    It sounds like that the remote mail server may not be accepting mail from the null sender, which puts it in violation of RFC standards.

    Try connecting to Mail1.remotehost.com from your server on port 25 (telnet is good for this) and issuing a sample mail transaction.

    Code:
    telnet Mail1.remotehost.com 25
    Then for the transaction:

    EHLO <your server's name>

    Wait for a response

    mail from: <>

    Wait for a response, I suspect that this will result in an error. If everything is OK:

    rcpt to: <user@remotehost.com>

    And wait for a response.

    At this point, there's no need to go any further, regardless of whether or not there are errors or not so:

    quit

    If everything is OK and no errors are generated, then I don't know what the problem is. But I suspect that the mail server does not like the null sender (<>) and that is what is causing this error.
     
  5. SonServers

    SonServers Well-Known Member

    Joined:
    Oct 24, 2001
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    I see three related host names in the error logs. Earlier today, I tried to telnet to all of them and couldn't get an initial connection.


    The: "500 Reject: previous Mail From command was invalid" is coming from:
    kindredhealthcare.com.s8a1.psmtp.com

    Then the next line is the "Sender Verify Failed" but coming from these two hosts:
    Mail1.Kindredhealthcare.com
    Mail2.Kindredhealthcare.com

    Its strange that they reply to my server with that error, but yet I can't initiate a telnet connection on port 25.

    (I'm still waiting to hear if the whitelist worked for them.)
     
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    It does not look like mail1.kindredhealthcare.com or mail2.kindredhealthcare.com are accepting connections from outside port 25. But kindredhealthcare.com.s8a1.psmtp.com does and it appears to be listed as an mail exchange for kindredhealthcare.com. I tried connecting to kindredhealthcare.com.s8a1.psmtp.com and doing a simple mail transaction, and I was able to successfully complete it. It looks like this mail server does accept mail from the null sender. If you are still having problems, I would check to make sure that user@remotehost.com is a valid mail account on kindredhealthcare.com.s8a1.psmtp.com.
     
  7. SonServers

    SonServers Well-Known Member

    Joined:
    Oct 24, 2001
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for looking at that for me.

    What I don't understand is that they claim they can send to kindredhealthcare.com from our server, just that the recipient can't reply because of the verify error.

    I did search my log and found where they did indeed send to this outside user:


    2006-10-23 15:23:45 1Gc6Kk-00020a-Lv => user <user@kindredhealthcare.com> R=boxtraper_autowhitelist T=boxtrapper_autowhitelist
    2006-10-23 15:23:51 1Gc6Kk-00020a-Lv => user@kindredhealthcare.com R=lookuphost T=remote_smtp H=kindredhealthcare.com.s8a1.psmtp.com
    [64.18.7.10] X=TLSv1:AES256-SHA:256
    2006-10-23 15:23:51 1Gc6Kk-00020a-Lv Completed

    But when user@kindredhealthcare.com tries to reply back, they get the verify error from my server.
     
  8. SonServers

    SonServers Well-Known Member

    Joined:
    Oct 24, 2001
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    That's it . . . the null sender.

    I tried to telnet in to kindredhealthcare.com.s8a1.psmtp.com and did (using the real user address)

    mail from: me@mydomain.com
    rcpt to: user@kindredhealthcare.com

    And got an OK response.


    Next I tried:

    mail from: <>
    rcpt to: user@kindredhealthcare.com

    and got the:
    500 Reject: previous Mail From command was invalid
    error.

    So then, they should allow null senders but are not which is against standard policy?
     
  9. SonServers

    SonServers Well-Known Member

    Joined:
    Oct 24, 2001
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    Thank you guys for your help today.

    After more testing, this certainly looks like it is due to the sending server not accepting null senders.

    I did get the whitelist set up correctly so my server is not trying to verify their domain and they can send mail to my clients now.

    I appreciate your willingness to assist.
     
  10. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    This looks like a noncompliance issue to me, but perhaps I am wrong. Someone else may be able to corroborate my understanding of this.

    If mail is being allowed through when you use a real e-mail address in the MAIL FROM: command but is not being allowed through when you use a null sender (MAIL FROM: <>) then to me that looks like the mail server is not accepting mail from the null sender, which I gather from http://www.dnsstuff.com/pages/rfc1123.htm is required.

    But before blame goes entirely to the remote mail server, you may want to check that documentation or see if anyone else here can back me up.
     
  11. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    When I have this issue, I try to educate the sender in why their email is being blocked.

    I politely tell them that my server is simply verifying that they exist. It does this by checking with their server. It's THEIR server that is not verifying that they exist.

    I then try to send links to the 'rules'
    http://www.ietf.org/rfc/rfc2821.txt

    I just found this link about it: http://marc.merlins.org/netrants/nullenvelope.txt

    I go to DNSreport.com to run a report on their domain to see how many errors show up. I give them a link to that, and a link to a report on my server (no errors). And try to politely imply that if their server admins are not keeping up or using standards for DNS, SPF, etc, then the error is very likely on their end and there may be other security issues they might start being concerned with.

    Some people are grateful, and others just don't care... "the mail is just supposed to work!, and I don't have this problem with other servers!" To which I suggest "how do you know your mail is going thru and not just being dumped?"

    You can only do so much.
    For my really good clients, I will turn off callout for a short period of time to allow the maverick sender thru, letting them know they will likely cause everyone on the server to get more spam during that time.

    I'd rather not get into a habit of whitelisting 'bad senders' because then there is no motivation for the bad servers to mend their ways.
     
Loading...

Share This Page