Re: [Exim] roadrunner broke my new toy..

Top Page
Delete this message
Reply to this message
Author: Tor Slettnes
Date:  
To: Brian
CC: exim-users
Subject: Re: [Exim] roadrunner broke my new toy..
On Mon, 2004-05-03 at 05:43, Brian wrote:
> So I got my exim working with sender verification by removing the
> smarthost setup I had. Using the logic of "If I can verify the sender,
> if the recipient doesn't exist, I'll be able to send back a message to a
> valid originator." (and I won't need to send all my bounces to a smart
> host for outbound delivery..


A few misconceptions already (more to follow below).

The "verify=sender/callout" mechanism does not actually send back any
(bounce) messages. Instead, it can be used in an ACL to reject
connections at SMTP time, so the message is not accepted in the first
place.

Also, it has nothing to do with your smarthost router. Sender
verification works by calling the MX of the sender's domain directly, no
other routing involved. In fact, you have a very good reason to keep
using a smarthost (see below).


> require verify = sender/callout=10s
> message = unrouteable sender domain
>
> as per the spec.txt (38.22) tells me that this will spend 10 seconds on
> this. Which is more than enough time.


No, it is not. Give at least 30 seconds.

> So I've found that I get this
> type of response from roadrunner domains (*.rr.com):
>
> <<< 550-(result of an earlier callout reused).
> <<< 550-The initial connection, or a HELO or MAIL FROM:<> command was
> <<< 550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards
> <<< 550-RFC requirements, and stops you from receiving standard bounce
> <<< 550-messages. This host does not accept mail from domains whose servers
> <<< 550-refuse bounces.
> <<< 550 Sender verify failed


It is quite unclear from your message who actually produces this
message, but I don't think that is RoadRunner. (Big ISPs normally do
not do sender/receiver verification -- to expensive, and too strict for
many of their customers).

Instead, what you probably have encountered is that RoadRunner reject
incoming messages (at the MAIL FROM: stage) if they are sent directly
from "Dynamic" IP addresses (which actually means
residential/private-use IP addresses issued by ISPs to their customers,
dynamic or not). Try "telnet herndon.mgw.rr.com 25", and talk to their
SMTP server directly -- this is what I got:

S: 220 nymx03.mgw.rr.com ESMTP Welcome to Road Runner. NO UCE *** FOR AUTHORIZED USE ONLY! ***
C: HELO dot.slett.net
S: 250 nymx03.mgw.rr.com Hello c-24-4-199-45.client.comcast.net [24.4.199.45], pleased to meet you
C: MAIL FROM: <tor@???>
S: 553 5.3.0 Mail from 24.4.199.45 rejected, see http://www.mail-abuse.org/dul
Connection closed by foreign host.


> So it looks like roadrunner doesn't like mail from <> go to it's
> recipients.. (lame)


Your test does not show this.


> when I do this by hand it seems to go through..


Are you connecting from a different (non-residential) IP address?

> Trying 24.29.102.163...
> Connected to nycmx03.mgw.rr.com.
> Escape character is '^]'.
> 220 nycmx03.mgw.rr.com ESMTP Welcome to Road Runner. NO UCE *** FOR AUTHORIZED USE ONLY! ***
> helo blah.com
> 250 nycmx03.mgw.rr.com Hello mystique.poklib.org [63.109.236.156],
> pleased to meet you
> mail from:<>
> 250 2.1.0 <>... Sender ok
> rcpt to:<acook@???>
> 250 2.1.5 <acook@???>... Recipient ok
> data
> 354 Enter mail, end with "." on a line by itself
> subject: blah
> to:<acook@???>
> from:<>

       ^^^


Even though the Envelope From: ("MAIL FROM:") is set to "<>", you should
put in a valid address in the "From: " header (such as "Mailer-Test
<mailer-daemon@???>").


-tor