The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Verify the existance of email senders: what exactly does it check for?

Discussion in 'E-mail Discussions' started by spaceman, Oct 26, 2004.

  1. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    Hi All,

    WHM > Exim Configuration Editor > Verify the existance of email senders

    What *exactly* does this check for? I understand the principal of the idea: to reduce spam by checking that the domain from which the email is sent is good, but what does 'good' mean?, eg:

    1. The (mail server of the?) domain can successfully pinged? and/or
    2. The domain is configured correctly? and/or
    3. Other?

    I ask because one of our clients is reporting that one of their clients is having problems sending them email. The email is bouncing back to the sender with a '550 Administrative prohibition' error. I *think* that this is because the domain from which the email is being sent is not 'good', but unless I fully understand what needs to be done to make the domain 'good', then I don't have much to work with.

    Thanks for help, in anticipation.

    P.S. 'existance' should be 'existence' - I just copied the typo. :)
     
  2. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    Also, for all emails that are rejected as a result of having this option turned out, it would be great if a more descriptive error message could be returned in addition to the 'Administrative Prohibition' message to give the person (assuming of course that it was a genuine email) receiving the rejection message a chance to fix the problem. Eg, something like 'Your email was rejected because the existence of the sending email address could not be verified".
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  4. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    Thanks chirpy for your reply. I read the manual like you suggested. It's a bit too techy for, so I won't claim I fully understand what the manual says.

    My immediate problem is this: a client sending email from the domain appleart.com.au is having their email rejected (550 error as described below) by our server. If I turn off 'Verify the existance of email senders' then the email comes through fine.

    So as far as I can tell, she is sending from a legitimate email address. But 'Verify the existance of email senders' doesn't agree.

    If I run a DNS Report on the domain:

    http://www.dnsreport.com/tools/dnsreport.ch?domain=appleart.com.au

    ... I learn that the MX records for the domain are

    mx1.iinet.net.au
    mx2.iinet.net.au
    mx3.iinet.net.au

    My hunch is that IF these mx records were reporting 'appleart.com.au', then the email would be acceptable with 'Verify the existance of email senders' turned on.

    Does that sound right? Is there anything else about the DNS Report that would suggest why 'Verify the existance of email senders' is rejecting email sent from this domain???

    Thanks again.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Did you by any chance recently remove 127.0.0.1 from your /etc/resolv.conf as being recommended by cPanel at the moment?
     
  6. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    Nope.

    I assume you refer to the discussion going on here: http://forums.cpanel.net/showthread.php?t=31081.

    We've done nothing in this regard (fyi: we don't have any resellers on our servers)
     
    #6 spaceman, Oct 26, 2004
    Last edited: Oct 26, 2004
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I've had a look through the exim mailing list about this for you. What you could to is try adding the following near the top of your /etc/exim.conf:

    smtp_return_error_details = true

    Then restart Exim with:

    /etc/init.d/exim restart

    This is meant to give a much more meainingful bounce message with the reason for the actual bounce.
     
  8. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    That was completely fabulous advice, You got me all excited. Only problem is - it didn't work :-(

    To clarify, I did exactly as you suggested (including successfully restarting exim), turned 'Verify the existance of email senders' back on, got the person having the sending problems to resend the message, and the message bounced back as expected but with no additional information - just another standard 'Remote host said: 550 Administrative prohibition' - nothing more, no extended message as you and I expected.

    Bummer!

    Back to square one. :-(
     
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  10. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    Bingo. The logs held the answer. Should have looked there in the first place - sorry!

    ... syntax error in 'From' header when scanning for sender: missing or malformed local part (expected word or "<") in "Carolyn>Apple Art <carolyn@appleart.com.au>"

    This showed up in both exim_mainlog AND exim_rejectlog

    What a pity that setting:

    smtp_return_error_details = true

    ... doesn't report the error above??? Weird. If you (or anyone else) knows of any other ways that I can get the above level of error reporting appearing in bounced emails, I'm all ears!

    Thanks all the same for your valued support, chirpy . A victory of sorts!
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Glad you found the problem ;) You'd have hoped the persons email client would have picked that up before it was sent.
     
  12. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    They were sending from an Apple Mac - didn't ask which mail program.

    So I'm leaving 'Verify the existance of email senders' checked on, but remain mildly concerned that once in a while we (or our clients who host with us) won't receive otherwise genuine email (as was the case here) and the bounced message will remain unhelpful.

    C'est la vie, I guess.
     
  13. webicom

    webicom Well-Known Member

    Joined:
    Mar 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Slovenia
    could not complete sender verify

    Hello everyone,

    I have similar problem but difrent. I have few customers who are subscribed to some online newsletter. The problem is that newsletter company sends mail from nonexistent email so my exim cant verify the email recipiant and reject all mails from them. In exim log I see message "could not complete sender verify". If I could setup exim only for this case that exim would ferify for IP of the sender instead of email address, I think it should work. The problem is I dont know how to setup that and where, but I have the feeling that cant bee to difficult for smeone with experiance. Could anyone help me with this?

    Regards, Erik
     
  14. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Then the sender is breaking the RFC email rules and it is perfectly correct to reject it. An email message must have a valid originator field otherwise it is breaking RFC2822. The owner of the mailing list should really be informed of this and have their mailing list fixed.

    That said, if you want to make an exception with the domain that that mialing list is sent from, you could add the following to the ACL section in the Exim Configuration Editor before the verify = sender line:

    accept domains = sendersdomain.com
     
  15. webicom

    webicom Well-Known Member

    Joined:
    Mar 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Slovenia
    Thank you Chirpy. I will try and will inform you if it worked, so others could do the same in the future if needed. I agree with you that it is OK to reject those kind of senders but in my case receiver is my very important customer and I need customers if I whant to go on... I definitively will not do that for anyone else, this is clearly exception.

    Thanks again, Erik
     
  16. qwerty

    qwerty Well-Known Member

    Joined:
    Jan 21, 2003
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    16
    I'm in the same boat as the other guy and I've tried doing what you suggested (place the above line, but use the real domain in question of course) and it did not work. My exim is still rejecting mail from this domain because a callout could not be made. I think their mail servers completely refuse connections on port 25

    Is there no way to tell exim to completely skip sender/callout verification for one particular domain/ip range?

    Also I've noticed the existence of 'accept domains =' more than once in the ACL section. So maybe it was just my placement of it that didn't work? I tried to place it right at the start of the ACL section ... then right before the verify = sender/callout line as welll... same result.
     
    #16 qwerty, Nov 26, 2005
    Last edited: Nov 26, 2005
  17. webicom

    webicom Well-Known Member

    Joined:
    Mar 30, 2004
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Slovenia
    It seams that it is not working for me either. Any more suggestions?

    Regards, Erik
     
  18. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Try this then:

    Go into the Exim Configuration Editor and look for this in the ACL section:
    Code:
      require verify = sender/callout
      accept  domains = +local_domains
      endpass
    
    and try adding the domain you want to skip:

    Code:
      require verify = sender/callout
      accept  domains = +local_domains : skipthisdomain.com : skipanother.net
      endpass
    
     
  19. qwerty

    qwerty Well-Known Member

    Joined:
    Jan 21, 2003
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    16

    Doesn't seem to work either :( Can I use wildcards? eg.

    accept domains = +local_domains : *.skipthisdomain.com

    Funny thing is, while I was looking at the logs I noticed that even mail sent by a user from his own domain, using a non existant email as return, got rejected for impossible sender verify (because that mailbox he sent from doesn't exist). But +local_domains isn't even supposed to be checked by sender verify ...

    ie. support@domain.com was trying to send email to admin@domain.com but support@domain.com isn't a real mailbox (the domain is real and hosted on the server) so the sender verify failed because support@domain.com is an unroutable address.

    So I'm wondering if the accept domains part is even considered by exim AT ALL.....I think sender verification is broken.
     
    #19 qwerty, Nov 27, 2005
    Last edited: Nov 27, 2005
  20. Cozminsky

    Cozminsky Member

    Joined:
    Jan 15, 2004
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    That's not quite what you want. http://www.exim.org/exim-html-4.50/doc/html/spec_39.html#IX2507 has a description of what domains does.

    What you want is an accept sender_domains = foo : bar : baz before the require verify sender

    P.S. I got around the verify failing for people who like to send from www@theirwebserver.domain.com ( and that server doesn't have an mx and also doesn't allow smtp connection) by adding a sender/callout=defer_ok. exim will try the callout and give a temporary failure in this instance which will be treated as success.
     
    #20 Cozminsky, Nov 29, 2005
    Last edited: Nov 29, 2005
Loading...

Share This Page