Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Sender verify failed

Discussion in 'E-mail Discussion' started by XsiliconX, Sep 22, 2018.

  1. XsiliconX

    XsiliconX Member

    Joined:
    Sep 22, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    WI, USA
    cPanel Access Level:
    Website Owner
    Is there any way to work around this without asking the host to assist with WHM? I have a domain with several email addresses. One of the addresses cannot receive email from a sender. It would appear the messages are transmitted via Amazon.


    Code:
    Event: rejected 
    User: -remote-
    Domain:
    From Address: webapp@ip-172-31-31-110.ap-southeast-1.compute.internal
    Sender:
    Sent Time: Sep 22, 2018, 4:28:04 AM
    Sender Host: ec2-13-250-122-228.ap-southeast-1.compute.amazonaws.com
    Sender IP: 13.250.122.228
    Authentication: unauthorized
    Spam Score: 0
    Recipient: (redacted)
    Delivery User: (redacted)
    Delivery Domain: (redacted)
    Delivered To:
    Router: reject
    Transport: **rejected**
    Out Time: Sep 22, 2018, 4:28:04 AM
    ID: 1g3eDS-0009z4-18
    Delivery Host: ec2-13-250-122-228.ap-southeast-1.compute.amazonaws.com
    Delivery IP: 13.250.122.228
    Size: 0 bytes
    Result: Sender verify failed
    
    Thanks in advance.
     
    #1 XsiliconX, Sep 22, 2018
    Last edited by a moderator: Sep 22, 2018
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,037
    Likes Received:
    47
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    How confident are you that this email is genuine ?
    I've seen no end of Hacking/Phishing/Spamming through Amazonaws, to the point, that I no longer trust a single email.
     
  3. XsiliconX

    XsiliconX Member

    Joined:
    Sep 22, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    WI, USA
    cPanel Access Level:
    Website Owner
    100%. I requested it as verification for account opening. It was done several times and the times correspond.
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,037
    Likes Received:
    47
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I'd suggest that the issue is at the sending end, something along the lines of using a different sending address to the one actually sending.

    eg: sending as email@domain.com, but coming from anotheremail@anotherdomain.com
    This would be classed as spoofing.
     
  5. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @XsiliconX

    While the email may be legitimate I do agree with @keat63 in this. The issue is that the sender verification callout is unable to be completed due to the "from" address not using a valid resolvable domain:

    Code:
    From Address: webapp@ip-172-31-31-110.ap-southeast-1.compute.internal
    Code:
    $ dig a ip-172-31-31-110.ap-southeast-1.compute.internal
    
    ; <<>> DiG 9.10.6 <<>> a ip-172-31-31-110.ap-southeast-1.compute.internal
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27124
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1280
    ;; QUESTION SECTION:
    ;ip-172-31-31-110.ap-southeast-1.compute.internal. IN A
    
    ;; AUTHORITY SECTION:
    .            3097    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2018092400 1800 900 604800 86400
    
    ;; Query time: 40 msec
    ;; SERVER: 208.74.121.50#53(208.74.121.50)
    ;; WHEN: Mon Sep 24 08:46:28 CDT 2018
    ;; MSG SIZE  rcvd: 152
    
    
    The resolution for this would be either to force this email come from a valid domain or to disable sender-verify which may not be possible if you do not have root/whm access to the server.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. XsiliconX

    XsiliconX Member

    Joined:
    Sep 22, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    WI, USA
    cPanel Access Level:
    Website Owner
    I understand the sender is in your opinion making an error. The sender is a form on a website. The website is used for a giveaway and the webmaster would have little time for this.
    I can ask the host to modify settings. How should a request be worded? Is this something that can be provisioned for access on the cPanel side? I know gMail receives these messages. Is there any way to work around this? Your assistance is appreciated.
    P. S. Gz on 1,000 posts!
     
  7. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @XsiliconX

    It's really not an opinion in this instance it is definitely an error, the sending domain should resolve to an IP address. The error is only noted because your server has sender verification enabled and it's rejecting email that doesn't pass. Part of sender verification is the domain must resolve to an IP address. To resolve this as I indicated previously there are two options:

    1. Request the email be sent from a valid domain

    2. Disable sender verification on your server
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. XsiliconX

    XsiliconX Member

    Joined:
    Sep 22, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    WI, USA
    cPanel Access Level:
    Website Owner
    I understand your explanation. Please understand other email systems do not have this issue. The lack of options to receive the message without completely disabling protection gives the impression cPanel is being heavy-handed or otherwise lacks the required granularity. If there is no option other than to contact the host and request they disable protection it will be done. Ultimately I am hopeful cPanel will in the future provide instance-based whitelisting or have some solution better than removing the protection entirely if it blocks one message. Thank you for your assistance.
     
  9. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    @XsiliconX


    There is no other option though - sender verification's job is explicitly to verify the legitimacy of mail received to the server. One of those things is to verify the domain exists. In this case, the mail is being sent from a non-existent domain. This isn't heavy-handed this is how the sender verify setting works, I'm sorry that it is not a resolution for you but you'll need to either send the mail from a domain that actually exists or disable sender verification. If recipient domains have any form of anti-spam protection whether or not they're using cPanel they will NOT accept mail from a domain with no IP address.

    If there was an associated IP address you might be able to add it to Exim's Sender verification bypass IP addresses but because that domain doesn't even exist I don't believe this would be possible, furthermore, you'd need root access to the server to add this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. XsiliconX

    XsiliconX Member

    Joined:
    Sep 22, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    WI, USA
    cPanel Access Level:
    Website Owner
    I understand and appreciate your explanation. It is my hope cPanel will some day implement a system to more easily work with this problem, e. g. a setting to "ignore verification for 5/10/15 minutes." I will work with the host or configure a gmail account to forward to cPanel accounts. Thank you.
     
  11. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    HI @XsiliconX

    If this functionality is something you'd like to see within cPanel I'd suggest opening a feature request using the link in my signature.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice