Exim Turn Off Authentication From Localhost

davef8

A client of ours is trying to send mail via exim using sockets from within their Java app.

Right now when they attempt to send a message from the box running their Java app and DA this is what they get:

250 server.hostname.com Hello localhost [127.0.0.1]
MAIL to:<[email protected]>
500 unrecognized command
MAIL from:<[email protected]>
250 OK
RCPT to:<[email protected]>
550-Verification failed for <[email protected]>
550 Sender verify failed
QUIT

The "insidedomain.com" is a domain name that has been set up and configured in the DA control panel.

To my understanding Exim is expecting the local user's password before it will send any mail on his behalf. Is this correct?

If so, how can we tell Exim not to check for authentication when localhost wants to send a message? That way all the scripts on the local machine will be able to send mail and anyone from the outside world will still be required to have a password before relaying mail through this server.

The only other caveat in this situation is the fact that the domain "insidedomain.com", although set up on the DA server, is not currently pointed to the DA server. The client is still testing their apps before they point their domain. Not sure if this is having an effect here or not.

Thank you
 
First, that "MAIL to" command is an error; if it's being created by the PHP program, fix the program.

Second, all exim should be trying to do is verify the user is a real user and can receive email.

It checks for that by trying to send mail to that user.

Since you're using obfuscated information I can't check for you, but is "[email protected]" a real user who can receive mail both from the server and from outside?

Jeff
 
The "[email protected]" is a valid user on the server for that domain, however the domain is not currently pointed to the server so depending upon what checks are being executed by Exim this may also be causing the problem.

Regarding the application, it's actually a Java app, but either way, what should the "MAIL to" command be changed to?
 
Is there an MX record for the domain?

Can you send an email to the user using the linux "mail" command from the same server?

The first command should be "mail from" and the second "rcpt to"; there's no need for the "mail to" command; all it's doing is creating an error.

Jeff
 
A DA support rep helped out. They recommend commenting out the line in exim.conf that says

"require verify = sender"

I have commented that line out and I'm waiting to see if the customer's app is working now that this change has been made.
 
If that line is commented out... does that open the door to spammers to send mail through who are not verified senders??
 
In a word, yes.

Here's the comment explaining "require verify = sender":
# Deny unless sender address can be verified:
# This statement requires the sender address to be verified before any
# subsequent ACL statement can be used. If verification fails, the incoming
# recipient address is refused. Verification consists of trying to route the
# address, to see if a bounce message could be delivered to it. In the case of
# remote addresses, basic verification checks only the domain.
If you don't have "require verify = sender", then non-existent users can send email.

All the spam that comes from false domains will be stopped by this command before anything else is tried.

While much of the resulting spam load will be stopped by further checks in the acl, this one check saves a lot of server load on a busy system receiving a lot of spam.

For more information, look up "require verify = sender" on the exim.org website.

Jeff
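
A narrower alternative to commenting the check out, as an added example that is not from the thread or from DirectAdmin's exim.conf: sender verification stays on for every remote client and is skipped only for connections from 127.0.0.1, the address shown in the original session. It assumes the statement goes in the RCPT ACL at the position where "require verify = sender" is now; the message text is copied from the rejection quoted earlier in the thread.

```conf
# Added example; placement in the RCPT ACL is an assumption.

# Weak: the change tried in this thread. With the line commented out,
# no client has its sender address verified any more.
#   require verify = sender

# Scoped: replace the line above with this statement.
# A "deny" applies only when every condition on it is true, so:
#   - connection from 127.0.0.1: "!hosts" is false, the statement is
#     skipped and the remaining ACL statements decide the outcome;
#   - any other host: "!verify = sender" is true when the sender address
#     cannot be routed, and the recipient is refused as before.
deny    message = Sender verify failed
        !hosts  = 127.0.0.1
        !verify = sender
```

Local processes can then submit mail with any sender address, so this suits only hosts where every local user and script is trusted to do that.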
 
Ah... I thought so. Although the sender verify has caused one problem that it never used to.

Currently my DSL ISP is filtering *ALL* port 25 outgoing traffic so when I set up Outlook to check my webserver's email, I have to use the POP3 as normal. Mail.modemnet.net. But for SMTP I MUST put my ISP's mail server there otherwise mail will never go anywhere.

All of this culminated when I tried sending out email to one of the mailing lists of a client on my server. The mailing list worked months back with no changes (even while my ISP was filtering port 25). But this is where it gets strange. If I tell Outlook to use one of my webserver accounts to send out the mail, even though SMTP has to go to my ISP, all the email bounces back from my server with the following error:

<[email protected]>: host mail.savelostriver.org[69.64.171.88]
said: 550-Verification failed for <********@modemnet.net> 550 Sender verify
failed (in reply to RCPT TO command)

But if I use my ISP's pop3 account, then sending email to the mailing list works GREAT. I narrowed it down to the require verify option, so I temporarily commented out that item of the exim.conf file. I restarted exim and guess what, I could use my modemnet.net account to send email to the mailing list just fine! But when I uncommented sender verify and restarted exim, then I couldn't send email that appeared to be coming from my modemnet.net account even though it's coming from my ISP's mail server.

Is there a solution to this?
 
I can't follow your scenario well enough without recreating it, and I just don't have time for that.

Sender Verify is running on your server.

If the address is from a domain local to the server it will check to see if the entire address can receive mail. If not, it will just check to see if the domain is routable.

This would be a great question for the exim-users list.

Jeff
 
Actually let me see if I can explain it a bit clearer. heh when typing too fast I tend to garble my thoughts.

Ok... when I have require verify turned on I run into a specific problem, but I turned it off temporarily and then the problem went away. For reference, both domains modemnet.net (my admin domain) and savelostriver.org (a client) are located locally on my webserver.

The problem seems to be in relationship to MS Outlook and how it's configured and through which POP account I'm sending the mail through. I have two accounts in outlook, one is for my ISP's DSL email (citlink.net), and the other one is for my modemnet email. Both accounts are configured accordingly on how to get/receive email through each account respectively. Although back in September my ISP began filtering *ALL* port 25 traffic to their smtp server. This meant I had to change my modemnet.net account settings from mail.modemnet.net (previous smtp) to smtp.citlink.net (my isp) otherwise I could NOT send email at all. That means any POP3 account that I check that is not from my ISP must have the ISP's smtp server for all outbound email.

Here is where the problem lies when having the require verify turned on. When I send email to the savelostriver.org mailing list from my regular ISP pop3 account, it works great. Everyone on the list receives the email including me. The pop3 account settings for my ISP are:

username: <removed>
password: <removed>
pop3 Server: pop3.citlink.net
smtp Server: smtp.citlink.net
return address: [email protected]

But, when I go to send email to that very same list from my modemnet.net account inside of Outlook, the email comes back to me with the following error:

<[email protected]>: host mail.savelostriver.org[69.64.171.88] said: 550-Verification failed for <[email protected]> 550 Sender verify failed (in reply to RCPT TO command)

That error tells me it's being rejected because the Sender (me?) isn't verified. Which is REALLY strange because the smtp server setting is also set to smtp.citlink.net. The account settings are as follows:

username: <removed>@modemnet.net
password: <removed>
pop3 Server: mail.modemnet.net
smtp Server: smtp.citlink.net
return address: [email protected]

Is there any reason as to why this minor difference is causing this problem?
 
modem said:
That error tells me it's being rejected because the Sender (me?) isn't verified. Which is REALLY strange because the smtp server setting is also set to smtp.citlink.net.
Its strangeness is why I suggested the exim-users list.

Among others on that list is the author of exim.

I'd think guessing here would be counterproductive and time wasting when a proper answer might be only moments away on that list.

Of course I could be wrong :eek: .

Jeff
 
After a bit of digging and researching with the help of the Exim list... I found out it's my ISP (Frontiernet.net) whose email server is giving me the error message of unverified sender. It's not even making it to my server.

Now if they'd just quit #%#@%%^$ blocking port 25 to only their servers me and my customers would live happily ever after.
 