Strange qmail failure message

[Liquid Crystal]

Hello everyone,

I have qmail-1.1.03-r16 running so far so good on gentoo. However, I noticed today a strange error message, which I never saw before. It is stated as:

User and password not set, continuing without authentication.
212.0.132.22 does not like recipient.
Remote host said: 451 Could not complete sender verify callout
Giving up on 212.0.132.22.
I'm not going to try again; this message has been in the queue too long.

Google wasn't really helpful on this , which is not good
_________________
Making *nix user friendly is easier than debugging Windoz
Tuxntosh web site The *nix Graphics Web Site (Warning! Not for M$ Windowz users!)

[adaptr]

Sender verification is a standard component of spam detection; make sure you have a publicly listed MX for that server, and that your box is not relaying mail from outside your domain.
It could also be that the remote host is trying to do an actual VRFY to your mail server, which should normally be disabled to stop your server from becoming an easy spam target - if that is it, the remote host is too strict and all you can do is disregard it.

NOTE to all this: you should not, as a matter of course, send mail to or accept maill from a server that only has an IP address - a proper MTA always has both a forward and reverse FQDN properly configured.

Personally, my Exim config drops the connection if no mail server name is given anywhere.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

[DaveArb]

[Liquid Crystal]

[adaptr]

Then it's probably door #2.
In fact, I even suspect it may be Exim on the other end, as that does have configuration options for "callouts", exactly as it's called in that error message.
These do, indeed, try to run a VRFY on the remote host - which will almost certainly fail on any MTA that has even slightly clueful admins behind it.
(You definitely do not want to make the spammers' lives that easy!)

Check who the are, drop any such messages in the future - they're clueless.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

[magic919]

I didn't realise Exim ran a VRFY on the host. I understood it ran a standard SMTP chitchat right up to the point it gives the third party server the RCPT address address.totest@example.com and then QUITs on success or otherwise. Can't see how you'd lock those out. Hmmm.

[adaptr]

Well, you may be right at that.
Supporting VRFY (or requiring others to support it) is simply not of this age anymore.

Although, looking at it from the other side, starting up an SMTP connection and then dropping it seems both expensive and uncivil, to me.
It may be the best way to ascertain if a recipient exists, but heck it might as wel defer that until it actually tries to deliver.
(Unless the traffic that receiving the message implies is undesirable, but in this time of mbit connections, who cares?)

I would like a pointer to where you found that, if you have one - I haven't been able to find anything in the Exim spec about what exactly happens during a callout.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

[magic919]

I just did a search on www.alltheweb.com.

Here's some from Exim logs on a server I look after.