Exim Sender Verify Callout or Callback Could Not Complete or Verification Failed Error

If you run a web host or email server using Exim or Sendmail as the mail transfer agent (MTA), and find that emails sent to you, your clients or your users are occasionally lost or never arrive in the mailboxes, your mail server may have fallen victim to the mess of sender verification. It is the most likely cause of missing emails once you have verified that the email was not caught by spam filters or junk mail controls, and that the mail server domain and IP address are not blocked by any RBL (Real-Time Black List).

The symptom of undelivered or bounced mail can also be seen in the Exim or Sendmail error log. The mail usually gets rejected by the destination server (if the destination server is your server, the incoming email is lost; otherwise, the outgoing mail is bounced) with one of the following messages:

550 Sender verify failed

550 sender verify rejected exim

550 verify validity

550 administrative prohibition “mailserver verify address”

550 message to verify they are valid

550 Sender verify failed – upgrade your firewall firmware or settings

550 Not sent – no reverse lookup

550 The destination mail system rejected your return address

550 Sender must exist

550 Domain not found

Sender verification is a new measure that tries to stop and block email spam. Mail servers, or more accurately MTAs such as Exim (which comes with popular control panels such as cPanel and WHM), use a mechanism named sender callouts or callbacks to validate that the complete From: address of a remote sender, as found in the email envelope, is actually a real local account on the sending mail server. If the origin mail server returns a false value, the incoming mail is rejected and is not accepted by the intended recipient’s MTA.

A bounced email is usually generated to tell the sender that the verification attempt failed. However, as the sender doesn’t actually exist, nobody gets the bounce, and nobody knows what happened to the mail or why it was never delivered. As not every mail host bothers to make its mail server compliant with RFC standards, such as RFC 1123, under which mail from the null sender is accepted, your best bet for getting mail delivered safely and securely is to make sure that your own mail server can properly handle the mails sent by those ignorant parties.

So if you’re a sender whose mail mysteriously disappears for no apparent reason, make sure you send mail from a real, existing mailbox. Using a false mailbox name such as nobody@domain.com, in the hope that nobody replies to you, is likely to cause sender verification to fail, so the mail is never routed and delivered.

If you keep receiving mail, especially from mailing lists or subscriptions, that uses an invalid sender address, and you have no choice but to receive it, the only option is to instruct your MTA to accept these emails. There are basically two ways to do it: first, by creating a whitelist which unblocks the known email addresses, and second, by disabling sender verification altogether to avoid any future issues. The second option is much easier, but you run the risk of receiving more spam. Besides, the mail queue is also likely to grow larger, or email will be rejected, because the mail server will be accepting more faked spam messages. However, you no longer have to worry about lost and undelivered emails caused by senders using non-existent email addresses. Here are a few tutorials on how to achieve this in the popular web hosting control panel cPanel/WHM.

How to Disable Sender Callouts Verification in cPanel/WHM 10.x

  1. Log in to the WebHost Manager.
  2. In the Service Configuration section, click on the Exim Configuration Editor link.
  3. Untick the checkbox next to the “Use callouts to verify the existence of email senders.” option.
  4. Press the Save button, and cPanel will automatically restart Exim.

How to Disable Sender Callouts in cPanel/WHM v11

  1. Log in to the WebHost Manager.
  2. In the Service Configuration section, click on the Exim Configuration Editor link.
  3. Untick the checkbox next to the “Use callouts to verify the existence of email senders. Basically, exim will connect to the mail exchanger for a given address to make sure it exists before accepting mail from it.” option.
  4. Press the Save button at the bottom of the page, and cPanel will automatically restart Exim.

Create Whitelist to Exclude from Exim Sender Verify Callbacks – Simple Whitelist Guide

If you don’t want to turn off sender callouts altogether, you can create a whitelist that Exim checks to see whether the callout for a particular sender can be skipped. Note that the steps need some basic knowledge of working with a Unix shell and involve manual modification of the Exim configuration file, where any mistake can stop the mail server from working.

  1. Create a file that will record all trusted email addresses, e.g. /etc/whitelist_senders, with one address per line. Wildcards are accepted, so *@domain.com will include all senders from domain.com.
  2. In cPanel/WHM, click on Exim Configuration Editor under the Service Configuration section. Then click on the Advanced Editor button in the right pane.
  3. In the topmost text box of the Advanced Editor, add the following code (if there is existing text, add it below):


    addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders

  4. Scroll down to the next text boxes, where there should be three text boxes together. This is the beginning of the ACL section.
  5. In the middle box of these three text boxes, search for the following 4 lines:


    #sender verifications are required for all messages that are not sent to lists
    require verify = sender/callout
    accept domains = +local_domains
    endpass

    Replace these 4 lines with the following code:


    #sender verifications are required for all messages that are not sent to lists
    deny
      # whitelist test first, so a listed sender is passed over before any callout is attempted
      !senders = +whitelist_senders
      !verify = sender/callout
    accept domains = +local_domains
    endpass

  6. Scroll down to the bottom of the middle one of the 3 boxes, and locate these 4 lines:


    #!!# ACL that is used after the DATA command
    check_message:
    require verify = header_sender
    accept

    Replace these 4 lines with the following code:


    #!!# ACL that is used after the DATA command
    check_message:
    deny
      # whitelist test first, so a listed sender skips header verification
      !senders = +whitelist_senders
      !verify = header_sender
    accept

  7. Click on the Save button at the bottom of the Advanced Editor.
  8. Verify that Exim is working properly by sending and receiving emails.
  9. If Exim is not working properly, check the configuration file again for errors.
  10. If Exim is working properly, add the sender email address or domain that you’re having problems with to the whitelist file.
  11. Ask the sender to send email to you again to verify the delivery.

Create Whitelist to Exclude from Exim Sender Verify Callbacks – Auto Exclusion with Whitelist Guide

There are some non-existent and invalid email addresses that administrators routinely use to send out emails, especially notifications and subscriptions. Such addresses usually contain common words such as nobody, bounce, request, root, anonymous and so on. You can use this assumption to instruct Exim to automatically let emails from these senders through to the recipients without sender verification. This reduces the work of adding email addresses to whitelists.

  1. Create 3 files as below to act as your whitelists:


    /usr/local/cpanel/base/eximacl/rv_callout_sender_domain_whitelist
    /usr/local/cpanel/base/eximacl/rv_callout_receiver_domain_whitelist
    /usr/local/cpanel/base/eximacl/rv_sender_verify_domain_whitelist

  2. In cPanel/WHM, click on Exim Configuration Editor under the Service Configuration section. Then click on the Advanced Editor button in the right pane.
  3. In the topmost text box of the Advanced Editor, add the following code (if there is existing text, add it below):


    domainlist rv_callout_sender_domain_whitelist = lsearch;/usr/local/cpanel/base/eximacl/rv_callout_sender_domain_whitelist
    domainlist rv_callout_receiver_domain_whitelist = lsearch;/usr/local/cpanel/base/eximacl/rv_callout_receiver_domain_whitelist
    domainlist rv_sender_verify_domain_whitelist = lsearch;/usr/local/cpanel/base/eximacl/rv_sender_verify_domain_whitelist

  4. Scroll down to the middle to locate the ACLs section, where 3 text boxes appear together (most likely the top and bottom ones are empty text fields). It should appear after begin acl.
  5. In the middle box of the 3, locate the following line:


    require verify = sender/callout

    Replace the above line with the following block of code:


    # Deny unless the sender address can be verified.
    deny message = From email address must be valid
      # do not check address for lists or bounces
      # or people in our company contact database
      !senders = ^.*-request@.*:\
                 ^bounce-.*@.*:\
                 ^.*-bounce@.*:\
                 ^owner-.*@.*:\
                 ^listmaster@.*:\
                 ^root@.*:\
                 ^anonymous@.*:\
                 ^nobody@.*
      !domains = +rv_callout_receiver_domain_whitelist
      !sender_domains = +rv_callout_sender_domain_whitelist
      # do not check for DSN-ignorant domains
      # those that don't accept MAIL FROM:<>
      # (only useful while the dsn.rfc-ignorant.org list still answers queries)
      !dnslists = dsn.rfc-ignorant.org/$sender_address_domain
      # the callout comes last, so it runs only when no exemption above applied
      !verify = sender/callout=10s,defer_ok
    ##
    # Check that there is a MX record for those that do not
    # meet the deny statement requirements - i.e. bounces
    # No cost as previous lookup is cached if executed
    ##
    deny !sender_domains = +rv_sender_verify_domain_whitelist
      !verify = sender

  6. Click on the Save button at the bottom of the Advanced Editor.
  7. Verify that Exim is working properly by sending and receiving emails.
  8. If Exim is not working properly, check the configuration file again for errors.
  9. If Exim is working properly, add the sender email address or domain that you’re having problems with to the whitelist files.
  10. Ask the sender to send email to you again to verify the delivery.
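
The sender patterns in the first deny statement above are matched against the envelope sender on any domain, so it helps to see how many addresses actually skip the callout. The following is an added example, not part of the original guide or of cPanel/Exim: a small Python model of that statement's !senders, !domains and !sender_domains tests (the dnslists lookup is not modelled), run over constructed sample envelopes with placeholder example.* domains.

```python
import re

# Sender patterns copied from the ACL above. Exim lowercases the address
# before matching an address list, so this model does the same.
EXEMPT_RE = [re.compile(p) for p in (
    r"^.*-request@.*", r"^bounce-.*@.*", r"^.*-bounce@.*", r"^owner-.*@.*",
    r"^listmaster@.*", r"^root@.*", r"^anonymous@.*", r"^nobody@.*")]

def load_domains(text):
    """Parse lsearch-style file content: one key per line, '#' comments."""
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.add(line.split()[0].rstrip(":").lower())
    return keys

def callout_decision(sender, rcpt_domain, sender_wl, rcpt_wl):
    """Return (callout_runs, reason) for one envelope sender and recipient domain."""
    addr = sender.strip().lower()
    if addr in ("", "<>"):   # empty (bounce) sender: verify = sender is true
        return False, "null sender"
    for rx in EXEMPT_RE:                       # !senders = ...
        if rx.search(addr):
            return False, "sender pattern " + rx.pattern
    if rcpt_domain.lower() in rcpt_wl:         # !domains = ...
        return False, "recipient domain whitelisted"
    if addr.rpartition("@")[2] in sender_wl:   # !sender_domains = ...
        return False, "sender domain whitelisted"
    return True, "callout performed"

def audit(envelopes, sender_wl, rcpt_wl):
    """Count sample envelopes per outcome, to show how wide the exemptions are."""
    summary = {}
    for sender, rcpt_domain in envelopes:
        reason = callout_decision(sender, rcpt_domain, sender_wl, rcpt_wl)[1]
        summary[reason] = summary.get(reason, 0) + 1
    return summary

# Constructed sample data; the example.* names are placeholders.
SENDER_WL = load_domains("# lists we trust\nlists.example.org\n")
RCPT_WL = load_domains("legacy.example.net\n")
SAMPLE = [("alice@example.com", "shop.example.net"),
          ("Nobody@Example.com", "shop.example.net"),
          ("news-bounce@lists.example.org", "shop.example.net"),
          ("bob@lists.example.org", "shop.example.net"),
          ("carol@example.com", "legacy.example.net")]
if __name__ == "__main__":
    print(audit(SAMPLE, SENDER_WL, RCPT_WL))
```

Only one of the five sample envelopes reaches the callout; the pattern exemptions apply to any sender domain, which is why the whitelist files are the narrower tool when the sending domain is known.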

December 9th, 2016 | Categories: Web Servers

About the Author:

LK is a technology writer for Tech Journey with a background as a system and network administrator. He has been documenting his experiences in the digital and technology world for over 15 years.
