Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 4406 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sender verification error (recepient) for <...>

Adri Rijnart
Hi,
When using the smtp proxy, some destinations are not reachable and I get the following bounce:

This is the mail system at host mymailhost.mydomain.tld.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

: host mx1.otherIspDomain.tld[***.yyy.zzz.146] said:
    550-Verification failed for  550-Previous (cached) callout
    verification failure 550 Sender verification error (recipient) for
    me@mydomain.tld (in reply to MAIL FROM command)


Mails do arrive great when disabling the smtp proxy and delivering mail through Astaro to my server with P/DNAT

Is this a bug? I need all the fine features of Astaro to filter incoming mail traffic but do not like to fail on targets.

How can this problem be solved?

Rgd. Adrie


This thread was automatically locked due to age.
Parents
  • 0
    Have you checked to make sure that your domain has the correct reverse DNS entry?

    I have to admit that I'm confused.  The first half of your post indicates that emails you send get bounced back to you.  The second half talks about how you force the Astaro to deliver emails that would be blocked by the spam filter.  Rather than disable the SMTP Proxy, why not whitelist the improperly-configured domain for RDNS/HELO?

    Cheers- Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Have you checked to make sure that your domain has the correct reverse DNS entry?

    I have to admit that I'm confused.  The first half of your post indicates that emails you send get bounced back to you.  The second half talks about how you force the Astaro to deliver emails that would be blocked by the spam filter.  Rather than disable the SMTP Proxy, why not whitelist the improperly-configured domain for RDNS/HELO?

    Cheers- Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    I have the forward and reverse dns records. The domain is 

    The problem is indeed about bounced emails. However the receiving ispmailserver validates the mailsender by verifying the sender, in this case me_at_rcan_dot_nl, BY querying the Astaro, being the smtpproxy. The smtpproxy does not know about me_at_rcan_dot_nl and the message is then rejected. I think the Astaro should query the inside mailserver.

    As you can see white-listing will not do.
  • 0 in reply to Adri Rijnart
    Sorry, I obviously didn't read your original post closely enough.  I guess that the other company needs to either whitelist your domain or they need to upgrade/patch their mailserver.

    Whether you want to allow Sender Verify requests is another story, and I don't know if Astaro can be configured to pass those requests.  We stopped using it for reasons you can find in these Forums by searching on Sender Verify.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Bob,
    Solved the issue. By disabling BATV in the "Advanced anti-spam features" at the bottom of the ant-spam tab the mails get to the proper destination. Without the option the isp-mailserver allows the mail in.

    Thx for the support.
  • 0 in reply to Adri Rijnart
    I don't think you should have to do that, but if you don't mind losing that functionality and you don't want to ask the other people to whitelist your domain.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    The problem is that that the "other side" does sender address verification using the header sender ("From:" header). This is incompatible with BATV, and also with some mailing list implementations and some "robot" email. They should use the envelope sender instead. 

    You should be able to create an exception for BATV using a *@theirdomain.com mask entry, instead of turning it off entirely.
  • 0 in reply to tom_01
    So, Tom, you're saying that if he leaves BATV enabled, but adds an exception for '*@theirdomain.com' for BATV, then the Astaro will send the verification his correspondant is requesting?

    Cool - Thanks!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner