Michael Brandonisio

Hello,

I recently upgraded my servers to the cpanel 11 when I received a notice from cpanel that stated, “Unable to automaticlly update the mailer config…”. So I manually performed the upgrade only to discover that email was being handled very differently after the upgrade. No email that was marked as SPAM was was being delivered. Instead it was being dropped. This meant that there would be no way to check for a false positive email marked as SPAM. Normally spammy email has it’s subject rewritten to prefixed with, “[spam]”. This allowed the user to then use a filter in their email client to filter email with “[spam]” in the subject to a folder for later review. This would keep the inbox clean.

I did some research and found that this was a common issue with the new cPanel 11. After many hours of thinking that I may have to downgrade the server to cPanel 10, I found my answer in WHM. When you log into WHM as root there is a section called, “Service Configuration”. In this section you will find, “Exim Configuration Editor”.

In the “Exim Configuration Editor” page in the, “Mail” section just above the the buttons marked, “Visualized ACLs and Save” is an option to use the old old transport, “Use the old transport based spamassassin system instead of the new acl style one. (not recommended, slow)”. When I first saw this and it said it was not recommended I looked for an alternative. I could not find one. I need my email spammy or not to be delivered to each users inbox for their review.

Check this option, “Use the old transport based spamassassin system instead of the new acl style one. (not recommended, slow)” and click the save button. If you were previously using subject rewrites SPAM Assassin will again rewrite your subjects. You can also make use tof the X-Spam-Flag header for filtering this is a YES or NO value.

At least by doing this you can continue to make use of the NEW cPanel 11 features while monitoring the cPanel forums to see of the Exim ACL’s have been fixed to allow subject rewrites and delivery of email marked as SPAM.

Sincerely,
Mike

Hello,

This is a re-write with a few additions of a solution that I found on 2 BLOG’s and in the cPanel Forum. My sources are: johnhesch.com, yamzy.net and forums.cpanel.net.

I was having some issues with a few clients and their email. A client would call me and say, “A vendor says that they cannot send email to me. What’s going on?”

I’d chime back, “Did they give you any more information? If you can ask them to fax you the bounce message or email it to my comcast account I will look into it.”

Eventually I’d receive the error the message. It would read something like:

Error 451: Deferred sender callout cannot be verified.
or
Error 550: Verify sender callout failed.

If you look in your exim Logs /var/log/exim_mainlog you might find something like:

could not complete sender verify callout

Exim by default, will check the senders email address and send a callback to the sending server to check and see if the users email address actually exists. In this case the senders email server was not verifying the email address actually exists and so the email was being rejected. In some cases the sending server does not wait long enough for the check to complete. Most of the time this is an issue with the sending servers configuration. It is not RFC compliant. It is not always possible to contact the senders server admin to alert them of their server issue. You may want to just make a concession on your end.

In cPanel or more specifically “WHM -> Service Configuration -> Exim Configuration Editor” there are 2 setting that help keep SPAM down “Verify the existence of email senders.” and “Use callouts to verify the existence of email senders.” These Exim directives tell Exim to perform the checks. I tried to turn them off for about 4 months. My server mail queue was loaded with over 3000 emails. The queue ages 7 days then deletes but still something was wrong. Then I got on an RBL list and that was the straw that started the search for a solution. I enabled both “Verify the existence of email senders.” and “Use callouts to verify the existence of email senders.” while I looked for a solution. In 7 days my queue dropped to just 40 emails. Now I still had a clients that needed to communicate with their vendors.

After Googling I found my solution on johnhesch.com. I nearly lost it. When I finally confirmed that what was posted there was worth trying the link was broken. I contacted John via email to ask about it and he sent me back the info I needed. I later found what looks like a copy of John’s posting here yamzy.net.

So it turns out what I needed was a white list. Now Starts the “How To” Create a file that will be the actual white list. In this example it is /etc/exim_whitelist_senders – the addresses need to be listed one entry per line, either the email address or use the wildcard to do an entire domain. The Following supports cPanel 10.

1. SSH into your server and as root or using SUDO or SU run this command:
   touch /etc/exim_whitelist_senders
2. In WHM, got to “WHM -> Service Configuration -> Exim Configuration Editor.”
   In the top most edit box add (if there is anything else in the text box add this bellow it):
   addresslist whitelist_senders = wildlsearch;/etc/exim_whitelist_senders
3. Still in WHM. scroll down to where there are three text boxes together. This is the begin ACL section. In the middle box scroll down until you find:
   #sender verifications are required for all messages that are not sent to lists
   require verify = sender/callout
   accept domains = +local_domains
   endpassIn

   cPanel 11 look for:
   [% ACL_RBL_BLOCK %]
   require verify = sender/callout=60s

4. and change it to:
   #sender verifications are required for all messages that are not sent to lists
   deny
   !verify = sender/callout=30s,defer_ok,maxwait=60s
   !senders = +whitelist_senders
   accept domains = +local_domains
   endpass
5. Save and exit. Now try to send and receive email to make sure everything is still working. If all is ok add the address in question to the white list and see if it works.
6. Put the sender addresses in the file /etc/exim_whitelist_senders, one per line, e.g. someone@domain1.tld
   *@domain2.tld

If you do not want an RFC compliant email server make this change too. When I made this change it broke my setup. Verifying the header can cause valid email to fail this check since some valid email does not come from users but is created by the automated systems, like a server. I WOULD NOT MAKE THIS CHANGE. It took me 5 day to figure out this was the part that broke the above setup.

1. Still in the middle box scroll down to the end and change:
   #!!# ACL that is used after the DATA command
   check_message:
   # Enabling this will make the server non-rfc compliant
   #require verify = header_sender
   accept
2. and change it to:
   #!!# ACL that is used after the DATA command
   check_message:
   deny
   !verify = header_sender
   !senders = +whitelist_senders
   accept

It did not really break it but for some reason beyond me it was not working with this section active. Disabling it made my white list work like a charm.

Sincerely,
Mike

Have you ever been in a situation where you literally had a $1,000,000 lead for the company you work for? You excitedly pass this huge prospect for new business to a partner or supervisor. You Ask about a month later if they landed the project only to hear, … “Oh I’m sorry. I dropped the ball on that one. I never followed up with your prospect.”

All you can think is, “What!? … What!? #$!%!*@!” So you run back to your desk to call your contact. You need to see if anything can be salvaged. Your contact is short with you and understandably upset. Not outwardly but you can cut the tension in the air with a knife. They went out of their way to sell their office on using your services, to give you a little something, and they end up scrambling for a replacement. You made him look bad to the others in the office.

So what now. You’re upset, but you can’t charge the partners office, the guy who dropped the proverbial ball!, and pitch them out the window.

You learn and change. You learn that it is up to you to have a plan. You learn that in life if you merely hand off, you are leaving yourself open to someone else’s failure.

Look back on what transpired. It is very easy to point at the other guy and say, “If he only made the call. Why didn’t he follow up.” Even more so you should be saying, “If this was such a large prospect, WHAT WERE YOU DOING TO MAKE SURE THE PROJECT WAS LANDED.” A 4 to 6 week followup does not cut it. You need to pass the lead, then follow up with both client and sales person. Stay on top of of what is going on. Ask your sales guy questions, SMART ones like, “So after we do this project, do you think they would be interested in an ongoing support package for all 8 facilities?” Get them thinking that this is really a big deal too.

Now I’ll pull back a bit. You cannot ride everyone to make them get your agenda completed. You have pick your battles and fight when it’s right. Use this as a strategy, a means to an end goal. Too much and your office will hate you, not enough and your client will hate you then move to your competitor. Balance. Planning.

Having a plan can often keep bad things from happening or looking on the other side will keep you flush with good things. Often a plan can be the mere thought of something with a start and end result. Just by think something through you have created a plan that you will work toward without going through the process of writing it down and outlining or profiling. If you stop and think things through you are getting ahead. If you write lists of things that need to be done to get to an end result you are really detailing the finer points. But when you get the time to write a summary with steps in the plan and the conclusion you have a real tool to work with.

Making a plan is as simple as creating an outline. Expand the definition of each outline item. Insert the steps to complete each task and put it to a timeline.

So when anyone who has influence on your life fails and it affects you in a negative way, you could have limited the effects by being proactive. Pause for a moment. This is not a catch all one size fits all. Mostly, it can be limited. Example, Call people to confirm appointments the day before. Make sure you always have an extra, that is extra $20 or $50 in your pocket somewhere. When approaching a blind corner anywhere, slowdown and swing wide away from the blind spot. Don’t tailgate…

So now that you know that you are in control of your own life, what are you going to do? Ah nice read or a make plan and follow through. Did you know that a 1% increase in anything per week will net you a 67% increase over the course of a year. Now do that every year or every other year. Small change can have large cascading effects.

Sincerely,
Mike