Whitelist For Exim Sender Verify Callout
Posted April 30, 2007 - johnhesch.com
Recently a user called and said that he was not receiving emails from a particular person. The email was being sent, but not received by the user. After verifying that the email was not getting caught up in a spam filter, I looked through the Exim logs located at /var/log/exim_mainlog. I found the email was being rejected with the error:
could not complete sender verify callout
By default, Exim checks the sender's email address by sending a callout to the sending server to see whether that address actually exists. In this case the sender's email server was not confirming that the address exists, so the email was being rejected.
I didn't want to turn off callouts to verify the existence of email senders, so I did some digging and found that Exim allows the callout feature to check with a whitelist to see if a callout instruction should be ignored. The instructions were locked within the cPanel forums, which require registration, so my Google check didn't find them.
I'm posting them here in hopes that others can find them easily. The original forum post is located here.
Create a file that will be the actual whitelist. In this example it is /etc/whitelist_senders - the addresses need to be listed one entry per line, either the email address or use the wildcard to do an entire domain. To create the file:
touch /etc/whitelist_senders
In WHM, in the topmost edit box add (if there is anything else in the text box, add this below it):
addresslist whitelist_senders = wildlsearch;/etc/whitelist_senders
Still in WHM, scroll down to where there are three text boxes together. This is the begin ACL section. In the middle box scroll down until you find:
#sender verifications are required for all messages that are not sent to lists
require verify = sender/callout
accept domains = +local_domains
endpass
and change it to:
#sender verifications are required for all messages that are not sent to lists
deny
  # conditions run in order: test the whitelist first so a listed sender
  # never reaches the callout
  !senders = +whitelist_senders
  !verify = sender/callout
accept domains = +local_domains
endpass
Still in the middle box scroll down to the end and change:
#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept
to this:
#!!# ACL that is used after the DATA command
check_message:
deny
  # whitelist test first, then header sender verification for everyone else
  !senders = +whitelist_senders
  !verify = header_sender
accept
Save and exit. Now try to send and receive email to make sure everything is still working. If all is ok add the address in question to the whitelist and see if it works.
Then put the sender addresses in the file /etc/whitelist_senders, one per line, e.g.
someone@domain1.tld
*@domain2.tld
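Every entry in this file skips sender verification for any message that claims that envelope sender, so it is worth checking the file before relying on it. The following is an added example, not part of the original post or the cPanel forum instructions: a POSIX shell audit that flags entries broader than intended and reports whether a given sender would skip the callout. It assumes only the two entry forms shown above (a full address and *@domain); the function names lint_whitelist and whitelist_match are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): audit /etc/whitelist_senders.
# Assumption: only the two entry forms shown on this page are emulated, a
# full address and "*@domain" (a leading "*" in a wildlsearch key means
# "ends with"). Regex entries (leading "^") are flagged, not evaluated.

# lint_whitelist FILE: print "LINE: reason: entry" for risky entries and
# return 1 if any were found.
lint_whitelist() {
    awk '
        { e = $0; gsub(/[ \t\r]/, "", e) }
        e == "" || e ~ /^#/ { next }              # blank line or comment
        e == "*"            { r = "matches every sender" }
        e ~ /^\^/           { r = "regex entry, review by hand" }
        e !~ /@/ && r == "" { r = "no @, not an address pattern" }
        e ~ /^\*@[^.]*$/    { r = "wildcard without a full domain" }
        r != "" { printf "%d: %s: %s\n", NR, r, e; bad = 1; r = "" }
        END { exit bad + 0 }
    ' "$1"
}

# whitelist_match FILE ADDRESS: succeed if ADDRESS matches an entry
# (case-insensitive, as wildlsearch is).
whitelist_match() {
    addr=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr 'A-Z' 'a-z' | tr -d ' \t\r')
        case $entry in
            ''|'#'*) continue ;;
            '*'*) tail=${entry#\*}               # "*@domain": ends-with match
                  case $addr in *"$tail") return 0 ;; esac ;;
            *)    [ "$addr" = "$entry" ] && return 0 ;;
        esac
    done < "$1"
    return 1
}

# Constructed sample file; real entries live in /etc/whitelist_senders.
sample=$(mktemp)
printf '%s\n' 'someone@domain1.tld' '*@domain2.tld' 'domain3.tld' > "$sample"
lint_whitelist "$sample" || true
whitelist_match "$sample" 'Bob@Domain2.TLD' && echo "Bob@Domain2.TLD: callout skipped"
rm -f "$sample"
```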