[Exim] sender verify vs. broken mailer configs, again.

Top Page
Delete this message
Reply to this message
Author: Exim Users Mailing List
Date:  
To: Exim Users Mailing List
Subject: [Exim] sender verify vs. broken mailer configs, again.
What's even funnier is that someone with known bad reverse DNS would
dare to run active sender address verifications.

Active sender address verifcation by SMTP is evil -- it does nothing
that cannot be done just as well by far less error-prone means.

(BTW, what good are computers if they can't be specific about what they
are doing? I.e. why the ambiguity about HELO vs. MAIL in the erro text?)

------- start of forwarded message (RFC 934 encapsulation) -------
Message-Id: <m19VkFJ-000B49C@???>
Date: Thu, 26 Jun 2003 23:49:57 -0400 (EDT)
From: <MAILER-DAEMON@???>
To: woods@???
Subject: mail failed, returning to sender
Summary: message returned due to delivery errors.
Reference: <m19Vk8Y-000B48C@???>

|------------------------- Failed addresses follow: ---------------------|
 address: wakko@??? ... failed: inet_zone_bind_smtp transport reports unknown user:
550-Callback setup failed while verifying <woods@???>
550-Called:   204.92.254.2
550-Sent:     HELO animx.eu.org
550-Response: 501-fatal error while validating 'HELO' host name 'animx.eu.org'.
550-501-connection rejected from dial249.pm3abing3.abingdonpm.naxs.com remote address [216.98.75.249].
550-501-Reason given was:
550-501-  No reverse DNS PTR for the remote address [216.98.75.249] has a
550-501   hostname matching 'animx.eu.org'
550-The initial connection, or a HELO or MAIL FROM:<> command was
550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards
550-RFC requirements, and stops you from receiving standard bounce
550-messages. This host does not accept mail from domains whose servers
550-refuse bounces.
550 Sender verify failed
|------------------------- Message text follows: ------------------------|
Received: from localhost (2674 bytes) by proven.weird.com
    via sendmail with STDIO
    (sender: <woods>)
    (ident <woods> using UNIX)
    id <m19Vk8Y-000B48C@???>
    for <wakko@???>;
    (dest:local)(R=bind_hosts)(T=error)
    Thu, 26 Jun 2003 23:42:58 -0400 (EDT)
    (Smail-3.2.0.116-Pre 2003-Jun-18 #1 built 2003-Jun-24)
Message-Id: <m19Vk8Y-000B48C@???>
Date: Thu, 26 Jun 2003 23:42:58 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Face: ;j3Eth2XV8h1Yfu<eXd9JL+"t;iT8?{X]Fjm`Qb]>*uL{<:dQ$#E[DB0gemGZJ"J#4fH*][
 lz;@-iwMv_u\6uIEKR0KY"=MzoQH#CrqBN`nG_5B@rrM8,f~Gr&h5a\=<t0loVf0$}bP=]i3OMh"n_
 _@m4/,~2`V=(-9LyW.)'`@E_fE^<4y7)BIe`A''/j-Y#gDNZERh%CCij'q-NA4F<|yjznEhd7=l^xH
 2.qD3o0IanGHERTW+z$G
From: "Greg A. Woods" <woods@???>
To: Wakko Warner <wakko@???>
Subject: Re: [Exim] FWD: Mail delivery failed: returning message to sender
In-Reply-To: <20030626192525.C17246@???>
References: <20030626192525.C17246@???>
X-Mailer: VM 7.07 under Emacs 21.2.1
Reply-To: "Greg A. Woods" <woods@???>
Organization: Planix, Inc.; Toronto, Ontario; Canada


[ On Thursday, June 26, 2003 at 19:25:25 (-0400), Wakko Warner wrote: ]
> Subject: [Exim] FWD: Mail delivery failed: returning message to sender
>
> I find the following bounce rather funny since the thread was about
> rejecting HELOs. I think the following is a bit too strict as it rejects
> too much.


You can think all you want, but it's my machine and it works for me! ;-)

> If the check had simply did a lookup of my domain, animx.eu.org,
> it would have found the ip 216.98.75.249.


Yes, my mailer probably did that too, but if your IP address has any PTR
records then I'm going to verify they're 100% completely correct and
perfect. Reverse DNS is not only completely useless if it's wrong, but
it can also easily be mistaken for attempts to do DNS spoofing attacks
and other kinds of forgery and fudgery.

> I can't fix this


You can, actually, and you have at least two choices to do so.

> as 1)
> dial249.pm3abing3.abingdonpm.naxs.com is not my mail domain (who is going to
> type that) and


You don't have to type that -- just make sure your mailer uses that in
its EHLO/HELO greeting (and in its 220 greeting of course).

Your MX for your desired e-mail domain can point to any hostname that'll
accept your e-mail.

> 2) I have no control over the rDNS.


Assuming that's supposed to be a static IP (*), then you should find a
new ISP (at least to host your mailer) -- yours is apparently totally
brain-dead. Note your mailer doesn't have to live where you do.

(*) if it's not then you should not be sending e-mail from it in the
first place and it should probably be listed in the various dial-up
blacklists and then I'd have rejected the connection for that reason.

- --
                                Greg A. Woods


+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>


------- end -------

--
                                Greg A. Woods


+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>