Qmail

Re: 451 Could not complete sender verify callout

To: qmail@list.cr.yp.to
Subject: Re: 451 Could not complete sender verify callout
From: Jeremy Kitchen <kitchen@scriptkitchen.com>
Date: Tue, 30 Jan 2007 11:27:02 -0800
Delivered-to: sp-com-lists@consult.net
Delivered-to: gmail-qmail@securepoint.com
Delivered-to: sp.com.list@gmail.com
Delivered-to: mailing list qmail@list.cr.yp.to
In-reply-to: <45BF98B0.1050509@dotcomholdingsofbuffalo.com>
Mailing-list: contact qmail-help@list.cr.yp.to; run by ezmlm
References: <45BF5CEA.706@dotcomholdingsofbuffalo.com> <20070130151033.GA25863@odin.dempsky.org> <45BF653F.3070503@dotcomholdingsofbuffalo.com> <20070130160232.GA17625@odin.dempsky.org> <45BF770B.7000508@dotcomholdingsofbuffalo.com> <45BF84DB.4060309@scriptkitchen.com> <45BF98B0.1050509@dotcomholdingsofbuffalo.com>
User-agent: Thunderbird 1.5.0.9 (Macintosh/20061207)
Phil Breskey wrote:
> Jeremy Kitchen wrote:
>> Phil Breskey wrote:
>>> Matthew R. Dempsky wrote:
>>>> On Tue, Jan 30, 2007 at 10:33:19AM -0500, Phil Breskey wrote:
>>>>> krudmart.com is the main one.
>>>> krudmart.com uses EXIM and presumably has sender address verification
>>>> enabled.  In response to sending mail, they check if your mail server
>>>> accepts an envelope from <> to your sender.
>>>>
>>>> By default, Exim has a timeout of 30 seconds, and your mail server
>>>> seems to delay the SMTP greeting by about 30 seconds.
>>>>
>>>>
>>> From what I'm reading about the greeting delay, it is a good thing,
>>> right?  I'm gathering that it is to protect against 'smtp slammers'?
>>>
>>> I added a line to my /etc/tcp.smtp like this:
>>>
>>> 70.87.77.70:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
>>>
>>
>> you shouldn't give that site relay access.
>>
> 
> I removed it right after I discovered it didn't fix my problem.
> 
>>> and ran:
>>>
>>> tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
>>>
>>> but the problem still seems to exist.  When trying to send a message to
>>> my friend at Krudmart.com, this is in my logs:
>>>
>>> @4000000045bf74de0b893194 starting delivery 37: msg 8241251 to remote
>>> xxx@krudmart.com
>>> @4000000045bf74de0b894134 status: local 0/10 remote 1/20
>>> @4000000045bf74fc27f7700c delivery 37: deferral:
>>> 70.87.77.70_does_not_like_recipient./Remote_host_said:_451_Could_not_complete_sender_verify_callout/Giving_up_on_70.87.77.70./
>>>
>>>
>>>
>>> Is there a way to change the greeting delay for a specific host?
>>
>> it depends on what patch / shim you're using to achieve the greeting
>> delay.  If you're using the greetdelay package from
>> http://alkemio.org/software/greetdelay/, you simply set the GREETDELAY
>> environment variable in your tcprules file.   Now, depending on how
>> you're launching greetdelay, that may or may not work, so you should
>> tell us the method you're using for your smtp greeting delay and also
>> your smtp run script.
>>
> 
> I didn't do this install, so I'm not sure what patches were applied.  I
> can't find anything that is doing a 'greetdelay', but I'm not entirely
> sure what I'm looking for.  The person who set this up left the source
> directories behind for some of the software he set up, and from what I
> can gather, this is installed:
> 
> checkpassword-0.90
> clamav-0.85.1
> netqmail-1.05
> qmail-scanner-1.25
> qmail-scanner-1.25st
> relay-ctrl-3.1.1
> safecat-1.11
> ucspi-tcp-0.88
> ucspi-unix-0.36
> vmailmgr-0.96.9
> vmailmgr.gcc3.patch
> vmailmgr.python23.patch
> 
> The qmail-smtp run file looks like this:
> 
> #!/bin/sh
> 
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> LOCAL=`head -1 /var/qmail/control/me`
> 
> if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
>     echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
>     echo /var/qmail/supervise/qmail-smtpd/run
>     exit 1
> fi
> 
> if [ ! -f /var/qmail/control/rcpthosts ]; then
>     echo "No /var/qmail/control/rcpthosts!"
>     echo "Refusing to start SMTP listener because it'll create an open relay"
>     exit 1
> fi
> 
> exec /usr/local/bin/softlimit -m 100000000 \
>     /usr/local/bin/envdir /etc/relay-ctrl \
>     /usr/local/bin/relay-ctrl-chdir \
> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb \
>         -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
>         /usr/local/bin/relay-ctrl-check \
>         /var/qmail/bin/relay-ctrl-norbl \
>         /usr/local/bin/rblsmtpd -rdnsbl.sorbs.net -rsbl.spamhaus.org
> -rsbl-xbl.spamhaus.org -rcombined.njabl.org -rrelays.ordb.org
                                                ^^^^^^^^^^^^^^^

there's your problem.

this rbl list no longer exists.  Doing lookups against it will fail and
rblsmtpd will wait around for it to time out, which I believe is upwards
of 1 minute (and there's no way, without modifying the source code, to
change this timeout value)

Also, you have redundant entries for sbl.spamhaus.org and
sbl-xbl.spamhaus.org (sbl-xbl encompasses all of the sbl) and also,
sbl-xbl may not exist in the near future, so you should switch to zen
(as mentioned previously on this list by Russ) or switch to separate
entries for sbl and xbl.

-Jeremy
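
Added example, not part of the original message or of any package named in it: a static audit of the `-r` zones passed to rblsmtpd, flagging the defunct and redundant entries pointed out above. The function names, the `DEFUNCT_ZONES` list and the sample script tail are assumptions constructed for illustration; `probe_zone` additionally assumes `dig` is installed and the network is reachable.

```shell
#!/bin/sh
# Added example (not from the thread): audit the -r zones given to rblsmtpd.

# Zones the thread reports as gone; extend as blocklists shut down.
DEFUNCT_ZONES="relays.ordb.org"

# Constructed sample: tail of a run script like the one quoted above.
sample_run_tail() {
    cat <<'EOF'
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb 0 smtp \
    /usr/local/bin/rblsmtpd -rdnsbl.sorbs.net -rsbl.spamhaus.org \
    -rsbl-xbl.spamhaus.org -rcombined.njabl.org -rrelays.ordb.org \
    /var/qmail/bin/qmail-smtpd
EOF
}

# Read a run script on stdin, print each -r<zone> argument, one per line.
# Assumes the attached form (-rzone) used in the quoted script.
rbl_zones() {
    tr -s ' \t\\' '\n' | sed -n 's/^-r\([a-z0-9].*\)$/\1/p'
}

# Read a run script on stdin; report problem zones, return 1 if any found.
audit_rbl() {
    zones=$(rbl_zones)
    rc=0
    for z in $zones; do
        for d in $DEFUNCT_ZONES; do
            if [ "$z" = "$d" ]; then echo "DEFUNCT $z"; rc=1; fi
        done
    done
    for z in $(printf '%s\n' "$zones" | sort | uniq -d); do
        echo "DUPLICATE $z"; rc=1
    done
    # sbl-xbl already contains sbl, so listing both costs a second lookup.
    if printf '%s\n' "$zones" | grep -qx 'sbl-xbl\.spamhaus\.org' &&
       printf '%s\n' "$zones" | grep -qx 'sbl\.spamhaus\.org'; then
        echo "REDUNDANT sbl.spamhaus.org (covered by sbl-xbl.spamhaus.org)"
        rc=1
    fi
    return $rc
}

# Optional live check (needs dig and network): seconds to resolve the
# conventional RBL test entry 127.0.0.2 in a zone, capped at 5 s.
probe_zone() {
    start=$(date +%s)
    dig +short +time=5 +tries=1 "2.0.0.127.$1" A >/dev/null 2>&1 || true
    echo $(( $(date +%s) - start ))
}
```

Run it as `audit_rbl < /var/qmail/supervise/qmail-smtpd/run`; a `probe_zone` result equal to the 5-second cap means the zone never answered within that window.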
