exim and spam check queries

AniG

New Member
#1
Hi,

I was having problems sending mails to a domain. Alex from support explained that it was because "Use callouts to verify the existence of email senders" was checked in my exim config in WHM and that the recipient mail server needed to be fixed.

After a little searching around I found this was part of a spam check method for exim..

from ConfigServer.com:
Another preventative measure is to enable the WHM options:

WHM > Exim Configuration Editor > Verify the existence of email senders.
WHM > Exim Configuration Editor > Use callouts to verify the existence of email senders.

These two options have exim check that any server that attempts to relay email to your server can actually receive email in reply. This is part of the RFC requirements of an SMTP server and the inability of a server to do so indicates a likely spammer.
Now, my question is, how important is this setting? What can happen if I uncheck these, so even badly configured mail servers, such as the one in question here, are able to receive mails from me?
 

KH-Paul

CTO
Staff member
#2
Ani,

These two options may affect the ability to receive incoming mail from remote servers but don't have any effect on outgoing mail. If you uncheck these options you should start seeing more spam coming in, as most spammers use fake emails and these two options help to prevent such messages from being accepted by your mailserver.

Regards,
Paul
 

AniG

New Member
#3
oh! Hmm.. well what can cause mails to not reach another domain then? For this particular domain (adira.com) the emails I sent were delayed over 72 hours.. and finally I received the mail not delivered notice...

I haven't seen problems with sending mails to other domains/servers.. except for this one.. Alex, from support said that adira.com mailserver needed to be fixed.. so I am pretty confused now...
 

AniG

New Member
#4
these are the kinds of errors I see in the exim_mainlog for the problem domain:

2006-08-28 10:22:36 1GGGkP-00041m-Dj == yyyyy@adira.com R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
2006-08-28 11:32:14 1GGGkP-00041m-Dj ** yyyyy@adira.com R=lookuphost T=remote_smtp: retry time not reached for any host after a long failure period
2006-08-28 11:32:23 1GHhkw-0006JY-Gi ** yyyyy@adira.com R=lookuphost T=remote_smtp: retry time not reached for any host after a long failure period
2006-08-28 14:54:12 H=(fw.adira.local) [84.96.47.18] F=<xxxxx@adira.com> temporarily rejected RCPT <af@silkrd.com>: Could not complete sender verify callout
is this related to the WHM exim config settings? if not, what is the delay being caused by?
 

KH-Paul

CTO
Staff member
#5
Ani,

What is your ticket #? If you don't want to post it here, feel free to email it to me at paul-at-knownhost.com. I would like to take a closer look at your ticket.

Regards,
Paul
 

AniG

New Member
#6
also.. is there a resource online, other than the docs at exim.org, that could shed some more light on how to interpret these cryptic exim errors for exim virgins like me? :)
 

KH-Paul

CTO
Staff member
#8
Ani,

There is a mix of multiple errors related to different things:

2006-08-28 10:22:36 1GGGkP-00041m-Dj == yyyyy@adira.com R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
2006-08-28 11:32:14 1GGGkP-00041m-Dj ** yyyyy@adira.com R=lookuphost T=remote_smtp: retry time not reached for any host after a long failure period
2006-08-28 11:32:23 1GHhkw-0006JY-Gi ** yyyyy@adira.com R=lookuphost T=remote_smtp: retry time not reached for any host after a long failure period
These messages don't mean much. The only information you can get from these lines is that you have 3 different emails directed to yyyyy@adira.com sitting in your mail queue for whatever reason. You should be able to see full history on message processing using, for example, the following command:

Code:
grep 1GGGkP-00041m-Dj /var/log/exim_mainlog
The above command will show all log entries for the specific email message unless the log file was rotated just recently.

This log entry:

2006-08-28 14:54:12 H=(fw.adira.local) [84.96.47.18] F=<xxxxx@adira.com> temporarily rejected RCPT <af@silkrd.com>: Could not complete sender verify callout
is a bit different. It was generated due to an incoming smtp connection from the 84.96.47.18 server, which tried to send you an email from "xxxxx@adira.com". As you have sender verification options enabled in your exim configuration, it tried to connect to the best MX for the adira.com domain and either failed or the remote server refused to accept mail for xxxxx@adira.com.

Now, let's take a look at this domain:
- This domain has single MX record pointing to mail.adira.com:
Code:
# host -t mx adira.com
adira.com mail is handled by 5 mail.adira.com.
- mail.adira.com resolves to 83.141.132.31:
Code:
# host mail.adira.com
mail.adira.com has address 83.141.132.31
- let's try to establish an SMTP connection to this host:
Code:
# telnet 83.141.132.31 smtp
Trying 83.141.132.31...
Connected to 83.141.132.31.
Escape character is '^]'.
I interrupted this connection attempt after 2-3 minutes of waiting - the remote server doesn't display an smtp greeting and it is not possible to send email to this domain, so I would assume that the first 3 log entries you've included in your post have the real reason for the delivery failure reported as "connection timed out" or something similar, and RCPT verification failed for the very same reason - inability to connect to the smtp server which is advertised as the best MX for the adira.com domain.

Regards,
Paul
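
The log lines in this thread come in two shapes: per-message delivery lines (message ID plus a `==` or `**` flag) and an SMTP-time rejection that has no message ID. As an added example (not part of any post above), this Python script parses both and flags a domain that fails in both directions; the function names are made up for illustration, and the meanings of the `<=`, `=>` and `->` flags are taken from Exim's log documentation rather than from this thread.

```python
import re
from collections import defaultdict

# The four log lines quoted in the thread above.
SAMPLE_LOG = """\
2006-08-28 10:22:36 1GGGkP-00041m-Dj == yyyyy@adira.com R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
2006-08-28 11:32:14 1GGGkP-00041m-Dj ** yyyyy@adira.com R=lookuphost T=remote_smtp: retry time not reached for any host after a long failure period
2006-08-28 11:32:23 1GHhkw-0006JY-Gi ** yyyyy@adira.com R=lookuphost T=remote_smtp: retry time not reached for any host after a long failure period
2006-08-28 14:54:12 H=(fw.adira.local) [84.96.47.18] F=<xxxxx@adira.com> temporarily rejected RCPT <af@silkrd.com>: Could not complete sender verify callout
"""

TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"  # layout seen in the lines above
# Per-message line: timestamp, message ID, two-character flag, address.
MSG = re.compile(TS + r"(?P<id>" + ID + r") (?P<flag><=|=>|->|==|\*\*) "
                      r"(?P<addr>\S+)(?P<rest>.*)")
# SMTP-time rejection: no message ID because no message was accepted.
REJECT = re.compile(TS + r"H=(?P<host>.*?) \[(?P<ip>[^\]]+)\] F=<(?P<sender>[^>]*)> "
                         r"(?P<kind>temporarily rejected|rejected) RCPT "
                         r"<(?P<rcpt>[^>]*)>: (?P<reason>.*)")
FLAGS = {"<=": "received", "=>": "delivered", "->": "delivered",
         "==": "deferred", "**": "failed"}


def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def triage(log_text):
    """Return (history per message ID, list of RCPT-time rejections)."""
    history, rejects = defaultdict(list), []
    for line in log_text.splitlines():
        m = MSG.match(line)
        if m:
            reason = m["rest"].split(": ", 1)[-1].strip()
            history[m["id"]].append((m["ts"], FLAGS[m["flag"]], m["addr"], reason))
        elif (r := REJECT.match(line)):
            rejects.append(r.groupdict())
    return dict(history), rejects


def unreachable_both_ways(history, rejects):
    """Domains we cannot deliver to AND whose senders fail our callout."""
    out = {domain(e[2]) for events in history.values() for e in events
           if e[1] in ("deferred", "failed")}
    inb = {domain(r["sender"]) for r in rejects
           if "sender verify callout" in r["reason"]}
    return out & inb
```

A domain that appears in both sets points at one cause, an unreachable MX, rather than at two unrelated mail problems.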
 

AniG

New Member
#9
Hi Paul,

Thanks for the detailed explanation.

I did pretty much the same thing as you. I telnetted into adira.com port 25 as well to see if there was a response. Got the same thing as you. It may seem their mail server is not responding or maybe not configured properly, even though the MX record is there. Strangely enough, I am able to send mail to that domain using my gmail or yahoo accounts. I don't know why mails from my VPS are not reaching them. Even more puzzling is that I did receive an email from an address on adira.com just a few hours ago (on one of my VPS account addresses). So mails are coming from them to me, despite that strange RCPT failure from the xxxxx@adira.com address in the log. Here is the relevant part of the header from that mail:
Received: from [84.96.47.18] (helo=fw.adira.local)
by ****.****.com with esmtp (Exim 4.52)
id 1GHl0s-0008W5-Uh
for ****@****.biz; Mon, 28 Aug 2006 13:35:07 -0400
Received: (from uucp@localhost)
by fw.adira.local (8.12.8p1/8.12.8) id k7SFoUBt022322;
Mon, 28 Aug 2006 17:50:30 +0200
This behavior seems to have cropped up after I moved to this new VPS. I didn't see such issues on my old server. That leads me to believe that there might still be unresolved configuration issues on my VPS. I just can't seem to figure out where to look. Your explanation and info does help though... but if you do come up with another way to figure out what is causing mails not to reach adira.com please do let me know.
 

KH-Paul

CTO
Staff member
#10
Ani,

If it does work from other places there is a chance that:
a) they return different MX records based on the source host location / ip network;
b) they filter some ip addresses / networks for whatever reason;
c) something is misconfigured somewhere.

I highly doubt this is related to your VPS configuration as the telnet test I quoted above was executed not from inside your VPS but from my own VPS which is used by me as a playground. It was a brand new CentOS 4.x VPS with no control panel and/or any configuration modification.

As to why you can receive mail from them with rcpt-to verification disabled - please take a look at the IP address of their MX (83.141.132.31) and the IP you've received the email from (84.96.47.18). The IPs are different and I have no trouble establishing an smtp connection with this IP:

# telnet 84.96.47.18 smtp
Trying 84.96.47.18...
Connected to 18.47.96-84.rev.gaoland.net (84.96.47.18).
Escape character is '^]'.
220 fw Sendmail ready.
quit
221 Closing connection
Connection closed by foreign host.
Regards,
Paul
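
The two telnet tests in this thread separate a host that accepts the TCP connection but never sends an SMTP banner (83.141.132.31) from one that answers with a 220 line (84.96.47.18). As an added example (not from any post above), this Python function makes the same check with explicit timeouts instead of a manual wait; the function name, state labels and timeout defaults are assumptions.

```python
import socket


def smtp_greeting(host, port=25, connect_timeout=10.0, banner_timeout=30.0):
    """Classify an SMTP endpoint as the manual telnet test does.

    Returns (state, detail), where state is one of:
      "no-connect"  - the TCP connection failed or timed out
      "no-greeting" - TCP connected, but no complete banner line arrived
      "greeting"    - the server sent a 220 banner (detail = final banner line)
      "refusing"    - the server greeted with a non-220 reply code
    """
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except OSError as exc:
        return "no-connect", str(exc)
    with sock:
        sock.settimeout(banner_timeout)  # applies to each read
        buf = b""
        try:
            while True:
                chunk = sock.recv(1024)
                if not chunk:
                    return "no-greeting", "connection closed before a banner"
                buf += chunk
                # Keep any trailing partial line in buf for the next read.
                *complete, buf = buf.split(b"\r\n")
                for raw in complete:
                    line = raw.decode("ascii", "replace")
                    if line[3:4] == "-":  # "220-..." is a continuation line
                        continue
                    try:
                        sock.sendall(b"QUIT\r\n")  # end the session politely
                    except OSError:
                        pass
                    state = "greeting" if line.startswith("220") else "refusing"
                    return state, line
        except socket.timeout:
            return "no-greeting", f"no banner within {banner_timeout}s"
        except OSError as exc:
            return "no-greeting", str(exc)
```

A "no-greeting" result matches the behaviour Paul saw on the adira.com MX, and it is the same condition that makes a sender verify callout to that host fail to complete.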
 