
Sender Verify Workaround


  • cPanelLauren
    Hi @deadlock,
    If the domain's MX records are not hosted on your server, the domain should not be present in /etc/localdomains, so you were correct in making that modification, but it looks like there may be more than one item preventing mail from being sent to problemdomain.com. Based on the error message, it looks like it's also failing Sender verification. Can you tell me if either of the following is set to On in WHM>>Service Configuration>>Exim Configuration Manager:
      - Sender Verification Callouts
      - Sender Verification
    Thanks!
    0
  • deadlock
    Sender Verification Callouts - Off (default)
    Sender Verification - On (default)
    I wouldn't want to disable Sender Verification globally, I would drown in spam. I did some googling earlier and I think it's not possible to whitelist by domain?
    0
  • cPanelLauren
    Hi @deadlock,
    I wouldn't want you to disable that either, I just wanted to see if both were enabled. Can you add your friend's IP to the Sender verification bypass IP addresses, which is also present in Exim Configuration Manager, and let me know if the issue persists?
    Thanks!
    0
  • deadlock
    I don't know what his IP is right now because he sends via Gmail so it's not included in his headers. I could find out what it is but it's probably a dynamic IP so this wouldn't be a useful long-term solution.
    0
  • cPanelLauren
    Hi @deadlock,
    Is the email address friend@problemdomain.com or friend@gmail.com? If it's friend@problemdomain.com you can find the IP address by doing the following via SSH:
      dig a problemdomain.com
    Then, to find the IP address of the MX record, you'll first query what the MX record is:
      dig mx problemdomain.com
    and then use the output to get the A record:
      dig a mxrecord.problemdomain.com
    Also, if they're using Gmail to send/receive mail, you can get Google's public IP addresses: Google IP address ranges for outbound SMTP - G Suite Administrator Help
    0
  • deadlock
    Their MX records look like this:
      problemdomain.com. 3154 IN MX 20 alt2.aspmx.l.google.com.
      problemdomain.com. 3154 IN MX 30 aspmx3.googlemail.com.
      problemdomain.com. 3154 IN MX 20 alt1.aspmx.l.google.com.
      problemdomain.com. 3154 IN MX 30 aspmx2.googlemail.com.
      problemdomain.com. 3154 IN MX 10 aspmx.l.google.com.
    They've confirmed that their outgoing mail is via Gmail. So what you're saying is that I need to Sender-Verify-Bypass the IP address ranges of all the Gmail servers? Won't that generally invite a whole lot of spam, and affect all the other users on my server? "[Google] mail servers use a large range of IP addresses, and the addresses often change"
    If this is the case then it seems I'm on a wild goose chase, I'll probably just stick to my clumsy workaround of trying to remember to use my Gmail account to communicate with him. At least I've reached a conclusion anyway, so thanks for that.
    On a side note, would it not be a useful cPanel option to be able to whitelist individual domains from Sender Verify checking, instead of having to whitelist entire mail servers by IP?
    0
  • cPanelLauren
    > They've confirmed that their outgoing mail is via Gmail. So what you're saying is that I need to Sender-Verify-Bypass the IP address ranges of all the Gmail servers? Won't that generally invite a whole lot of spam, and affect all the other users on my server?

    Ultimately the problem here is that friend@problemdomain.com has a bad SPF record, so the sender verification is failing. If you want to accept/send mail to the domain you'll have to either recommend they resolve the issue with their SPF or whitelist them from being checked against sender verification checks. You can try to just whitelist the domain's IP address, but I would assume the issue is really that they're sending from Gmail and they've not updated their SPF to include Google, which would lead to the necessity to add Gmail's IPs to the sender verification bypass list. I can't say for certain if you'd end up receiving a lot of spam if this is done, but it would affect the rest of the users on the server.

    > On a side note, would it not be a useful cPanel option to be able to whitelist individual domains from Sender Verify checking, instead of having to whitelist entire mail servers by IP?

    Because an IP is fixed and where a domain points may not be, it is necessary to use IPs in this instance rather than domains.
    0
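
Added example, not part of the thread: a shell check for the SPF point raised in the last reply, run over text shaped like the output of `dig +short mx` and `dig +short txt` for the sender's domain. The sample records are constructed, and `_spf.google.com` is the include name from Google's own SPF documentation, which the thread does not mention.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are text shaped like the output of
#   dig +short mx problemdomain.com
#   dig +short txt problemdomain.com
# The sample strings at the bottom are constructed so the script runs offline.

# True if any MX target is a Google host (host names as in the MX list in the thread).
mx_is_google() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
    grep -Eq '\.(google|googlemail)\.com\.?[[:space:]]*$'
}

# Print only the SPF record(s) from TXT output: drop dig's quotes and join
# multi-string records, which concatenate without a separator.
spf_records() {
  printf '%s\n' "$1" | sed -e 's/" "//g' -e 's/"//g' | grep -Ei '^v=spf1( |$)'
}

# Print one verdict for a domain given its MX and TXT output.
# Only the top-level record is inspected; nested includes are not followed.
spf_verdict() {
  if ! mx_is_google "$1"; then echo "mx-not-google"; return 0; fi
  _spf=$(spf_records "$2" || true)
  _n=$(printf '%s' "$_spf" | grep -c . || true)
  if [ "$_n" -eq 0 ]; then echo "no-spf"; return 0; fi
  # More than one v=spf1 record is a permanent error under RFC 7208.
  if [ "$_n" -gt 1 ]; then echo "multiple-spf"; return 0; fi
  if printf '%s\n' "$_spf" | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' |
     grep -Eqx '(\+?include:|redirect=)_spf\.google\.com'; then
    echo "google-authorized"
  else
    echo "google-missing"
  fi
}

# Constructed samples: Google-hosted MX, one stale SPF record, one corrected.
MX_SAMPLE='10 aspmx.l.google.com.
20 alt1.aspmx.l.google.com.
30 aspmx2.googlemail.com.'
TXT_STALE='"v=spf1 a mx ip4:192.0.2.10 -all"'
TXT_FIXED='"google-site-verification=constructed"
"v=spf1 include:_spf.google.com ~all"'

echo "stale record: $(spf_verdict "$MX_SAMPLE" "$TXT_STALE")"
echo "fixed record: $(spf_verdict "$MX_SAMPLE" "$TXT_FIXED")"
```

A "google-missing" verdict is something the sending domain's owner fixes in their own DNS, which avoids adding provider-wide IP ranges to the server's bypass list.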
