Sender verify failed

[XsiliconX]

Is there any way to work around this without asking the host to assist with WHM? I have a domain with several email addresses. One of the addresses cannot receive email from a sender. It would appear the messages are transmitted via Amazon.

Event: rejected 
User: -remote-
Domain:
From Address: [email protected]
Sender:
Sent Time: Sep 22, 2018, 4:28:04 AM
Sender Host: ec2-13-250-122-228.ap-southeast-1.compute.amazonaws.com
Sender IP: 13.250.122.228
Authentication: unauthorized
Spam Score: 0
Recipient: (redacted)
Delivery User: (redacted)
Delivery Domain: (redacted)
Delivered To:
Router: reject
Transport: **rejected**
Out Time: Sep 22, 2018, 4:28:04 AM
ID: 1g3eDS-0009z4-18
Delivery Host: ec2-13-250-122-228.ap-southeast-1.compute.amazonaws.com
Delivery IP: 13.250.122.228
Size: 0 bytes
Result: Sender verify failed

Thanks in advance.

 

[keat63]

How confident are you that this email is genuine ?
I've seen no end of Hacking/Phishing/Spamming through Amazonaws, to the point, that I no longer trust a single email.

 

[XsiliconX]

100%. I requested it as verification for account opening. It was done several times and the times correspond.

 

[keat63]

I'd suggest that the issue is at the sending end, something along the lines of using a different sending address to the one actually sending.

eg: sending as [email protected], but coming from [email protected]
This would be classed as spoofing.

 

[cPanelLauren]

Hi @XsiliconX

While the email may be legitimate I do agree with @keat63 in this. The issue is that the sender verification callout is unable to be completed due to the "from" address not using a valid resolvable domain:

From Address: [email protected]

$ dig a ip-172-31-31-110.ap-southeast-1.compute.internal

; <<>> DiG 9.10.6 <<>> a ip-172-31-31-110.ap-southeast-1.compute.internal
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27124
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;ip-172-31-31-110.ap-southeast-1.compute.internal. IN A

;; AUTHORITY SECTION:
.            3097    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2018092400 1800 900 604800 86400

;; Query time: 40 msec
;; SERVER: 208.74.121.50#53(208.74.121.50)
;; WHEN: Mon Sep 24 08:46:28 CDT 2018
;; MSG SIZE  rcvd: 152

The resolution for this would be either to force this email come from a valid domain or to disable sender-verify which may not be possible if you do not have root/whm access to the server.

Thanks!

 

[XsiliconX]

I understand the sender is in your opinion making an error. The sender is a form on a website. The website is used for a giveaway and the webmaster would have little time for this.
I can ask the host to modify settings. How should a request be worded? Is this something that can be provisioned for access on the cPanel side? I know gMail receives these messages. Is there any way to work around this? Your assistance is appreciated.
P. S. Gz on 1,000 posts!

 

[cPanelLauren]

Hello @XsiliconX

It's really not an opinion in this instance it is definitely an error, the sending domain should resolve to an IP address. The error is only noted because your server has sender verification enabled and it's rejecting email that doesn't pass. Part of sender verification is the domain must resolve to an IP address. To resolve this as I indicated previously there are two options:

1. Request the email be sent from a valid domain

2. Disable sender verification on your server

 

[XsiliconX]

I understand your explanation. Please understand other email systems do not have this issue. The lack of options to receive the message without completely disabling protection gives the impression cPanel is being heavy-handed or otherwise lacks the required granularity. If there is no option other than to contact the host and request they disable protection it will be done. Ultimately I am hopeful cPanel will in the future provide instance-based whitelisting or have some solution better than removing the protection entirely if it blocks one message. Thank you for your assistance.

 

[cPanelLauren]

@XsiliconX


There is no other option though - sender verification's job is explicitly to verify the legitimacy of mail received to the server. One of those things is to verify the domain exists. In this case, the mail is being sent from a non-existent domain. This isn't heavy-handed this is how the sender verify setting works, I'm sorry that it is not a resolution for you but you'll need to either send the mail from a domain that actually exists or disable sender verification. If recipient domains have any form of anti-spam protection whether or not they're using cPanel they will NOT accept mail from a domain with no IP address.

If there was an associated IP address you might be able to add it to Exim's Sender verification bypass IP addresses but because that domain doesn't even exist I don't believe this would be possible, furthermore, you'd need root access to the server to add this.

 

[XsiliconX]

I understand and appreciate your explanation. It is my hope cPanel will some day implement a system to more easily work with this problem, e. g. a setting to "ignore verification for 5/10/15 minutes." I will work with the host or configure a gmail account to forward to cPanel accounts. Thank you.

 

[cPanelLauren]

HI @XsiliconX

It is my hope cPanel will some day implement a system to more easily work with this problem, e. g. a setting to "ignore verification for 5/10/15 minutes."

If this functionality is something you'd like to see within cPanel I'd suggest opening a feature request using the link in my signature.


Thanks!