exim sender verify fail

wdatkinson

I'm trying to send an email from an asterisk server to one of the domains on my DA box. Every time I send an email I get the following in the /var/log/exim/mainlog:

Code:
2005-04-04 08:43:54 H=pcp01086587pcs.xxxx.xx.comcast.net (asterisk2.domain.net) [x.x.x.x] sender verify fail for <[email protected]>: Unrouteable address
2005-04-04 08:43:54 H=pcp01086587pcs.xxxx.xx.comcast.net (asterisk2.domain.net) [x.x.x.x] F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2005-04-04 08:43:54 H=pcp01086587pcs.xxxx.xx.comcast.net (asterisk2.domain.net) [x.x.x.x] incomplete transaction (RSET) from <[email protected]>

I've added the sender domain to the /etc/virtual/whitelist_from file and restarted exim, but I still get the same thing.

Any ideas? This is one of the last major hurdles from getting the asterisk box 100% functional for my business.
 
asterisk2.domain.net is not resolving for me... is this the actual domain that you're sending from? If so, that will need to resolve to an actual routeable e-mail domain (and address) for exim to accept the sender, I believe.
 
No, I substituted domain.* for my actual domain, to avoid crawlers, etc. picking up my domain name.

There has got to be a way to hotwire exim to not do the verifications for this one domain.... I expected the whitelist to do it, but it doesn't......

Keep in mind, that the domain.com is my public domain, and in the actual internet, domain.net is a pointer to domain.com. But we use the domain.net for our internal Windows domain, etc.....

Thanks for any assistance you can provide. BTW, I can't easily make asterisk1.domain.net resolve from the live internet, because it is behind a NAT firewall..... Just hoping to force Exim to accept mail from this domain/user.
 
Yeah, I'd expect Exim to be able to do that, but I'm no exim expert. :)

You could hardcode the domain in your local /etc/hosts, I think, but if the IP changes (is it DHCP?) I'm not sure if exim will actually try to route the sender address or just ensure that the domain resolves.

Maybe someone else has some more exim experience?
 
What I'm hoping for is to be able to have Exim NOT verify sender for any mail from this domain. Because it doesn't really exist on the public internet, so nothing will ever route back to asterisk2.domain.net.

There has got to be a way to do it.
 
By default exim will NOT accept email from an address it can't reply to. Which is reasonable, since RFCs require that undeliverable email be returned.

You can change the behavior by custom changes to the exim.conf file.

I suppose I'm a candidate for custom changes. Unfortunately I'd have to spend a bit of time studying to figure out where to make the changes, and I don't have a lot of time right now.

However...

I need some help with asterisk.

Write me privately (address below in my sig) or call me (if you're using asterisk you can probably call me for free anyway :) ).

Jeff
 
Please post the solution to this problem when you find it. I want to set my exim the same way. Such complications with emails will harm Direct Admin. I have more than 10 servers with Direct Admin but I use gmail for my personal emails...
 
I still do not have a solution to this.

I'm looking at Postfix's ability to re-write the sender portion of the email. Obviously I'd do this on my asterisk box, but it would be so much easier if I could tell Exim to accept all emails from domaina.net without doing the sender verification.

Any machine sending email from behind a NAT firewall will experience this because Exim will not be able to reverse verify the sender, unless you can hard-code it to something that can be resolved.

I've tried referencing the Exim docs, google, etc., but no go. I'm not even sure I'm going to be able to figure out how to get around it via Postfix, but until we get a good answer from an Exim guru, that might be the only option.

I'm going to follow up with Jeff as soon as I get a chance and try to exchange some Asterisk knowledge for some Exim knowledge.
 
nano -w /etc/exim.conf

search for:

require verify = sender

comment it out.

#require verify = sender

van.
 
Is there a way to disable this for one domain? I agree that the sender verification has its purpose in anti-spam techniques. I'd rather not remove it completely.....
 
That's exactly what I'm looking for. I've turned off all sender verification for the time being, to allow the VM to be delivered properly.

But I certainly don't like having it that way. Although a lot of SPAM messages have valid email addresses anyway. I get return failures from SPAM messages that use my yahoo.com email address, so perhaps using sender verification will stop some of the SPAM, but I'd like to get it turned back on anyway.
 
I believe you can write an "accept" ACL statement before the "require verify" line, and that should override the "require verify" line.

But I haven't tested it.

Jeff
 
Ok, that appears to have done it. I have the following in my exim.conf:

Code:
accept  domains = domain.net
require verify = sender

I had to wait a day or so, because I originally had domain.net configured to point towards domain.com on the same box that was receiving the email. Due to the local DNS, it saw the message as coming from localhost. But after removing the DNS pointers, we're good to go. I'll put the domain pointer back on our other DA box to point the .net to the .com page.
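
A narrower way to express the exception discussed above, as an added example that is not from the thread or from DirectAdmin's shipped exim.conf: in an Exim ACL, `domains` tests the recipient's domain while `sender_domains` tests the envelope sender's, and an `accept` ends the ACL for that recipient so the checks after it are skipped. The address 192.0.2.10 and the list name `novrfy_hosts` are placeholders, and the sketch assumes the sending box reaches the server from a fixed address.

```conf
# Added example, not from the thread. Assumptions: 192.0.2.10 stands in for
# the Asterisk box's public (NAT) address, and the hostlist name is made up.

# --- main section (before the first "begin") ---
hostlist novrfy_hosts = 192.0.2.10

# --- in the ACL run at RCPT time, replacing the bare line ---
#   require verify = sender

# Everyone except the listed host: reject when the sender cannot be verified.
deny    !hosts          = +novrfy_hosts
        !verify         = sender

# The listed host: skip verification only for the one unroutable sender
# domain; any other sender address it uses is still verified.
deny    hosts           = +novrfy_hosts
        !sender_domains = asterisk2.domain.net
        !verify         = sender

# Neither statement accepts anything, so the relay and recipient checks
# that follow in the ACL still apply to the exempted host.
```

Running `exim -bh 192.0.2.10` starts a fake SMTP session as if from that address and shows which ACL statement accepts or denies each command, without delivering any mail.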
 
Well, this solution was working, but has stopped. Nothing has changed. I just noticed that voicemails were not getting delivered anymore.

I don't want to open up Exim by removing the global sender verify option. Would be nice to find a way to allow all mail from a given domain/ip address.
 
Something has changed.

We just don't know what yet.

Have you tried running exim in testing mode to see at what point the email is being rejected and why?

Jeff
 
I'm not sure about running exim in testing mode, but I can see from the logs that the sender verification has failed. I checked the exim config file to ensure that my accept line was still in there for my bogus domain, and it is.

I've checked the asterisk box, and I see nothing there either.
 
Look through your exim.conf file for a test for sender verification before your accept.

I don't remember all the details of the testing mode of exim; I pull out the book each time I need it.

We need some asterisk expertise; touch base with me by telephone or email if you're in a trading mood :) .

Jeff
 